CVE-2022-29158

EUVD-2022-33566
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
apacheofbiz
𝑥
< 18.12.06
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2022/09/02/5
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928
http://www.openwall.com/lists/oss-security/2022/09/02/5
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928