CVE Published: 18/11/2024 |
CVE Updated: 21/11/2024 |
CVE Year: 2024 Source: apache |
Vendor: Apache Software Foundation |
Product: Apache OFBiz Status : PUBLISHED
CVE-2024-48962 Description
Improper Control of Generation of Code (\'Code Injection\'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 18.12.17.
Users are recommended to upgrade to version 18.12.17, which fixes the issue.