Vulnerability in Apache OFBiz
CVE-2019-12425
Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host
EPSS: 0.014 (80.5th percentile)
Affected products
- Apache OFBiz — version 17.12.01
References
- s.apache.org/7sr1x (x_refsource_CONFIRM)
- [ofbiz-user] 20200503 Re: [CVE-2019-12425] Apache OFBiz Host Header Injection (mailing-list, x_refsource_MLIST)
- [ofbiz-user] 20200504 Re: [CVE-2019-12425] Apache OFBiz Host Header Injection (mailing-list, x_refsource_MLIST)
- [ofbiz-commits] 20210321 [ofbiz-site] branch master updated: Updates security page for CVE-2021-26295 fixed in 17.12.06 (mailing-list, x_refsource_MLIST)
- [ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07 (mailing-list, x_refsource_MLIST)