Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.01
Description:
Apache OFBiz is vulnerable to CSRF attacks
Mitigation:
Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470
----
Credit:
Initially known by the OFBiz security team (OFBIZ-10427), also reported later by:
Man Yue Mo via RT
Shuibo Ye
Vikash Patnaik
Sonali Agrahari
Girish Vasmatkar
Dinesh Kumar Mohanty
Jason Nordenstam
Pradeep Jairamani
Faiz Zaidi
References:
https://ofbiz.apache.org/security.html