References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Change History

AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

http://www.openwall.com/lists/oss-security/2025/03/07/1

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.

This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.  

It's a regression between 18.12.17 and 18.12.18.
In case you use something like that, which is not recommended!
For security, only official releases should be used.

In other words, if you use 18.12.17 you are still safe.
The version 18.12.17 is not a affected.
But something between 18.12.17 and 18.12.18 is.

In that case, users 

CWE-1336

https://issues.apache.org/jira/browse/OFBIZ-12594

https://lists.apache.org/thread/prb48ztk01bflyyjbl6p56wlcc1n5sz7

https://ofbiz.apache.org/download.html

https://ofbiz.apache.org/security.html