Severity:
Important
Vendor:
The Apache Software Foundation
Versions Affected:
OFBiz 17.12.03
Description:
Apache OFBiz XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues.
Mitigation:
Upgrade to 17.12.04 or manually apply the commit at OFBIZ-11716
----
Credit:
Alvaro Munoz from GitHub Security Lab team <
[hidden email]>
References:
https://ofbiz.apache.org/security.html