CVE-2022-29158 Vulnerability Details

  /     /     /  

CVE-2022-29158 Metadata Quick Info

CVE Published: 02/09/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: apache | Vendor: Apache Software Foundation | Product: Apache OFBiz
Status : PUBLISHED

---

CVE-2022-29158 Description

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-1333
CWE Name: CWE-1333: Inefficient Regular Expression Complexity
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).