[OFBIZ-11948] Remote Code Execution (File Upload) Vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Duplicate
Affects Version/s: Trunk, 17.12.04, 18.12.01
Fix Version/s: 17.12.05, 18.12.01, 18.12.06, 22.01.01
Component/s: content, framework/service, party, product/catalog
Labels:
None

Sprint:
Bug Crush Event - 21/2/2015

Description

Harshit Shukla harshit.shukz@gmail.com reported this RCE vulnerability to the OFBiz security team, and we thank him for that.

I'll later quote here his email message when the vulnerability will be fixed. It's a post-auth vulnerability so we did not ask for a CVE.

Attachments

Issue Links

duplicates

OFBIZ-12080 Secure the uploads

Closed

Activity

People

Assignee:: Jacques Le Roux

Reporter:: Jacques Le Roux

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/Aug/20 13:51

Updated:: 10/Feb/22 13:29

Resolved:: 21/Mar/21 14:52