CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29158

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.3%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2022-29158

Apache » Ofbiz » Version: N/A

cpe:2.3:a:apache:ofbiz:-
Apache » Ofbiz » Version: 09.04

cpe:2.3:a:apache:ofbiz:09.04
Apache » Ofbiz » Version: 09.04.01

cpe:2.3:a:apache:ofbiz:09.04.01
Apache » Ofbiz » Version: 10.04

cpe:2.3:a:apache:ofbiz:10.04
Apache » Ofbiz » Version: 10.04.01

cpe:2.3:a:apache:ofbiz:10.04.01
Apache » Ofbiz » Version: 10.04.02

cpe:2.3:a:apache:ofbiz:10.04.02
Apache » Ofbiz » Version: 10.04.03

cpe:2.3:a:apache:ofbiz:10.04.03
Apache » Ofbiz » Version: 10.04.04

cpe:2.3:a:apache:ofbiz:10.04.04
Apache » Ofbiz » Version: 10.04.05

cpe:2.3:a:apache:ofbiz:10.04.05
Apache » Ofbiz » Version: 10.04.06

cpe:2.3:a:apache:ofbiz:10.04.06
Apache » Ofbiz » Version: 11.04

cpe:2.3:a:apache:ofbiz:11.04
Apache » Ofbiz » Version: 11.04.01

cpe:2.3:a:apache:ofbiz:11.04.01
Apache » Ofbiz » Version: 11.04.02

cpe:2.3:a:apache:ofbiz:11.04.02
Apache » Ofbiz » Version: 11.04.03

cpe:2.3:a:apache:ofbiz:11.04.03
Apache » Ofbiz » Version: 11.04.04

cpe:2.3:a:apache:ofbiz:11.04.04
Apache » Ofbiz » Version: 11.04.05

cpe:2.3:a:apache:ofbiz:11.04.05
Apache » Ofbiz » Version: 11.04.06

cpe:2.3:a:apache:ofbiz:11.04.06
Apache » Ofbiz » Version: 12.04

cpe:2.3:a:apache:ofbiz:12.04
Apache » Ofbiz » Version: 12.04.01

cpe:2.3:a:apache:ofbiz:12.04.01
Apache » Ofbiz » Version: 12.04.02

cpe:2.3:a:apache:ofbiz:12.04.02
Apache » Ofbiz » Version: 12.04.03

cpe:2.3:a:apache:ofbiz:12.04.03
Apache » Ofbiz » Version: 12.04.04

cpe:2.3:a:apache:ofbiz:12.04.04
Apache » Ofbiz » Version: 12.04.05

cpe:2.3:a:apache:ofbiz:12.04.05
Apache » Ofbiz » Version: 12.04.06

cpe:2.3:a:apache:ofbiz:12.04.06
Apache » Ofbiz » Version: 13.07

cpe:2.3:a:apache:ofbiz:13.07
Apache » Ofbiz » Version: 13.07.01

cpe:2.3:a:apache:ofbiz:13.07.01
Apache » Ofbiz » Version: 13.07.02

cpe:2.3:a:apache:ofbiz:13.07.02
Apache » Ofbiz » Version: 13.07.03

cpe:2.3:a:apache:ofbiz:13.07.03
Apache » Ofbiz » Version: 16.11.01

cpe:2.3:a:apache:ofbiz:16.11.01
Apache » Ofbiz » Version: 16.11.02

cpe:2.3:a:apache:ofbiz:16.11.02
Apache » Ofbiz » Version: 16.11.03

cpe:2.3:a:apache:ofbiz:16.11.03
Apache » Ofbiz » Version: 16.11.04

cpe:2.3:a:apache:ofbiz:16.11.04
Apache » Ofbiz » Version: 16.11.05

cpe:2.3:a:apache:ofbiz:16.11.05
Apache » Ofbiz » Version: 16.11.06

cpe:2.3:a:apache:ofbiz:16.11.06
Apache » Ofbiz » Version: 16.11.07

cpe:2.3:a:apache:ofbiz:16.11.07
Apache » Ofbiz » Version: 17.12.01

cpe:2.3:a:apache:ofbiz:17.12.01
Apache » Ofbiz » Version: 17.12.03

cpe:2.3:a:apache:ofbiz:17.12.03
Apache » Ofbiz » Version: 17.12.04

cpe:2.3:a:apache:ofbiz:17.12.04
Apache » Ofbiz » Version: 17.12.05

cpe:2.3:a:apache:ofbiz:17.12.05
Apache » Ofbiz » Version: 17.12.06

cpe:2.3:a:apache:ofbiz:17.12.06
Apache » Ofbiz » Version: 17.12.07

cpe:2.3:a:apache:ofbiz:17.12.07
Apache » Ofbiz » Version: 17.12.08

cpe:2.3:a:apache:ofbiz:17.12.08
Apache » Ofbiz » Version: 17.12.09

cpe:2.3:a:apache:ofbiz:17.12.09
Apache » Ofbiz » Version: 18.12.01

cpe:2.3:a:apache:ofbiz:18.12.01
Apache » Ofbiz » Version: 18.12.02

cpe:2.3:a:apache:ofbiz:18.12.02
Apache » Ofbiz » Version: 18.12.03

cpe:2.3:a:apache:ofbiz:18.12.03
Apache » Ofbiz » Version: 18.12.04

cpe:2.3:a:apache:ofbiz:18.12.04
Apache » Ofbiz » Version: 18.12.05

cpe:2.3:a:apache:ofbiz:18.12.05
Apache » Ofbiz » Version: 9.04

cpe:2.3:a:apache:ofbiz:9.04
Apache » Ofbiz » Version: 9.04.01

cpe:2.3:a:apache:ofbiz:9.04.01
Apache » Ofbiz » Version: 9.04.02

cpe:2.3:a:apache:ofbiz:9.04.02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29158

Products

Pricing

Contact Us