[OFBIZ-11948] Remote Code Execution (File Upload) Vulnerability - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: Trunk, 17.12.04, 18.12.01
Fix Version/s: 17.12.05, 18.12.01, 18.12.06, 22.01.01
Component/s: content, framework/service, party, product/catalog
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

Harshit Shukla harshit.shukz@gmail.com reported this RCE vulnerability to the OFBiz security team, and we thank him for that.

I'll later quote here his email message when the vulnerability will be fixed. It's a post-auth vulnerability so we did not ask for a CVE.

Attachments

Issue Links

Add Link

duplicates

OFBIZ-12080 Secure the uploads

Closed

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Aug/20 16:51

Updated:: 10/Feb/22 16:29

Resolved:: 21/Mar/21 17:52

Agile

Completed Sprint:: Bug Crush Event - 21/2/2015 ended 26/Feb/15

View on Board

Remote Code Execution (File Upload) Vulnerability

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Agile

Slack

Issue deployment