7.5

CVE-2022-29158

Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheOfbiz Version < 18.12.06
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.75% 0.751
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

http://www.openwall.com/lists/oss-security/2022/09/02/5
Patch
Third Party Advisory
Mailing List
https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928
Patch
Vendor Advisory
Mailing List