CVE-2022-29158: Regular Expression Denial of Service (ReDoS) vulnerability in Apache OFBiz
First published: Fri Sep 02 2022(Updated: )
Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache OFBiz | <18.12.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-29158?
The severity of CVE-2022-29158 is high with a score of 7.5.
How does CVE-2022-29158 impact Apache OFBiz?
CVE-2022-29158 affects Apache OFBiz up to version 18.12.05 and can lead to Regular Expression Denial of Service (ReDoS) when handling URLs provided by external, unauthenticated users.
How can I fix CVE-2022-29158?
To fix CVE-2022-29158, you should upgrade Apache OFBiz to version 18.12.06 or apply the patches provided at https://issues.apache.org/jira/browse/OFBIZ-12599.
What is the CWE ID for CVE-2022-29158?
The CWE ID for CVE-2022-29158 is 1333.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/apache
- canonical/apache ofbiz