Apache OFBiz 18.12.05 Regular Expression Denial of Service (ReDoS) Vulnerability

Apache OFBiz 18.12.05 Regular Expression Denial of Service (ReDoS) Vulnerability

CVE-2022-29158 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Learn more about our External Network Penetration Testing.