Apache OFBiz: CVE-2022-29158: Regular Expression Denial of Service (ReDoS) vulnerability.
| Severity | CVSS v2 vector | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Sep 2, 2022 | Dec 23, 2024 | Apr 28, 2026 |
Description
Apache OFBiz up to and including version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs supplied by external, unauthenticated users: a crafted URL makes the server-side regular expression backtrack catastrophically, consuming CPU for as long as the attacker likes (availability impact only, no authentication required). Upgrade to 18.12.06 or apply the patches at https://issues.apache.org/jira/browse/OFBIZ-12599.
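The page does not reproduce the affected OFBiz pattern, so the following is an added, constructed illustration of the vulnerability class rather than the project's own code: a hostname check written with an ambiguous nested quantifier, beside an unambiguous rewrite and a length cap. Python's `re` engine backtracks the same way `java.util.regex` does, so the exponential growth it shows is representative of what an unauthenticated URL can trigger in a Java service. The pattern names, the 253-character cap (the RFC 1035 hostname limit) and the `growth_ratio` measurement are all assumptions of this example.

```python
"""Constructed ReDoS example: ambiguous hostname regex vs. hardened version.

Not the OFBiz pattern; the page does not reproduce it. Python's re module
backtracks like java.util.regex, so the timing behaviour is representative.
"""
import re
import time

# Hypothetical vulnerable pattern: `[a-z0-9-]+` followed by an *optional* dot,
# wrapped in `(...)+`. A run of n letters can be split between iterations in
# 2**(n-1) ways, and the engine tries every split before giving up.
VULNERABLE_HOST = re.compile(r"^([a-z0-9-]+\.?)+$")

# Hardened pattern: every repetition must start with a literal dot, so there
# is exactly one way to consume any input and matching is linear in its length.
SAFE_HOST = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*$")

# Assumed cap (RFC 1035 hostname limit). Rejecting oversized input *before*
# the regex bounds the worst case even if a pattern is still imperfect.
MAX_HOST_LEN = 253


def is_valid_host(host: str, pattern: re.Pattern = SAFE_HOST) -> bool:
    """Length check first, then the regex (unambiguous one by default)."""
    if len(host) > MAX_HOST_LEN:
        return False
    return pattern.fullmatch(host) is not None


def redos_input(n: int) -> str:
    """Attacker-controlled host: n matchable chars, then one that forces failure.
    The trailing '!' guarantees the overall match fails, so every way of
    splitting the 'a's is explored."""
    return "a" * n + "!"


def time_match(pattern: re.Pattern, text: str, runs: int = 3) -> float:
    """Best-of-`runs` wall-clock seconds for pattern.fullmatch(text)."""
    best = float("inf")
    for _ in range(runs):
        t0 = time.perf_counter()
        pattern.fullmatch(text)
        best = min(best, time.perf_counter() - t0)
    return best


def growth_ratio(pattern: re.Pattern, n_small: int = 14, n_large: int = 18) -> float:
    """Slowdown when the hostile input grows by four characters.
    Exponential backtracking gives roughly 2**4 = 16; a linear pattern ~1."""
    slow = time_match(pattern, redos_input(n_large))
    fast = time_match(pattern, redos_input(n_small))
    return slow / fast


if __name__ == "__main__":
    for name, pat in (("vulnerable", VULNERABLE_HOST), ("safe", SAFE_HOST)):
        print(f"{name:10s} accepts www.example.com: "
              f"{is_valid_host('www.example.com', pat)}  "
              f"growth for +4 hostile chars: x{growth_ratio(pat):.1f}")
```

Both patterns accept the same well-formed hostnames; the difference is only visible on input built to fail. Run the script to watch the vulnerable pattern's time multiply by roughly sixteen for every four extra characters while the hardened one stays flat; raising `n_large` past about 25 with the vulnerable pattern makes a single request take minutes, which is the whole attack.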
Solution
apache-ofbiz-upgrade-latest: upgrade to Apache OFBiz 18.12.06 or later, or apply the patches referenced in OFBIZ-12599.
References
- CWE-1333
- CVE-2022-29158
- https://attackerkb.com/topics/CVE-2022-29158
- http://www.openwall.com/lists/oss-security/2022/09/02/5
- https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-33566
- https://github.com/apache/ofbiz-framework/commit/ff92c4bc9