CVE-2022-29158

High

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by…

apache·CWE-1333·Published 2022-09-02

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

259 chars

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

NVDen

259 chars

NVDes

303 chars

Apache OFBiz versiones hasta 18.12.05, es vulnerable a la Denegación de Servicio por Expresión Regular (ReDoS) en la forma en que maneja las URLs proporcionadas por usuarios externos no autenticados. Actualice a versión 18.12.06 o aplique los parches en https://issues.apache.org/jira/browse/OFBIZ-12599

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H