Apache · Apache Ofbiz · CVE-2024-45507
**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions prior to 18.12.16
**Description**
The issue stems from a Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This vulnerability may allow a remote attacker to perform an SSRF attack. Over 2,700 results have been found to be potentially affected.
**Recommendations**
For Apache OFBiz versions prior to 18.12.16, upgrade to version 18.12.16, which fixes the issue. If an immediate upgrade is not possible, restrict access to the vulnerable components as a temporary workaround until the patch is applied, and avoid using URLs as file locations when loading files from Java or Groovy, so that a file-loading call cannot be turned into a request to an attacker-chosen host.
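The workaround above (do not accept URLs where a file location is expected) can be enforced in code. The following is an added illustration, not OFBiz's own code and not the project's fix: a small resource loader that confines every location to a hypothetical base directory (`/opt/app/resources`, an assumption) and rejects any location carrying a scheme other than `file`, so `http:`, `https:`, `jar:` and similar references are refused before any I/O happens. Class and method names are invented for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added example (not Apache OFBiz code): resolve resource locations so that a
 * string meant to name a local file can never become a remote fetch.
 */
public final class SafeResourceLoader {

    // Hypothetical resource root; a real deployment would use its own.
    private final Path baseDir;

    public SafeResourceLoader(Path baseDir) {
        this.baseDir = baseDir.toAbsolutePath().normalize();
    }

    /** Returns the confined, normalized path, or throws if the location is unacceptable. */
    public Path resolve(String location) {
        if (location == null || location.isBlank()) {
            throw new IllegalArgumentException("empty location");
        }
        Path candidate;
        // Detect a URL scheme ("http:", "jar:", "file:") by hand; a single
        // character before the colon (Windows drive letter) is not a scheme.
        int colon = location.indexOf(':');
        boolean looksLikeUrl = colon > 1 && location.substring(0, colon).chars()
                .allMatch(c -> Character.isLetterOrDigit(c) || c == '+' || c == '-' || c == '.');
        if (looksLikeUrl) {
            URI uri = URI.create(location);
            String scheme = uri.getScheme();
            if (!"file".equalsIgnoreCase(scheme)) {
                // Any non-file scheme would make the server fetch from a host
                // named by the caller: reject it outright.
                throw new IllegalArgumentException("non-file scheme rejected: " + scheme);
            }
            candidate = Path.of(uri); // throws if the file: URI has an authority part
        } else {
            candidate = baseDir.resolve(location);
        }
        Path normalized = candidate.toAbsolutePath().normalize();
        // Even a file: URI or a ".." path must stay under the base directory.
        if (!normalized.startsWith(baseDir)) {
            throw new IllegalArgumentException("location escapes base directory");
        }
        return normalized;
    }

    public InputStream open(String location) throws IOException {
        return Files.newInputStream(resolve(location));
    }

    public static void main(String[] args) {
        SafeResourceLoader loader = new SafeResourceLoader(Path.of("/opt/app/resources"));
        // Constructed probe inputs: the first two are accepted, the rest rejected.
        String[] probes = {
            "templates/invoice.ftl",
            "file:///opt/app/resources/templates/invoice.ftl",
            "../../etc/passwd",
            "http://203.0.113.10/template.ftl",
            "jar:http://203.0.113.10/x.jar!/t.ftl",
        };
        for (String p : probes) {
            try {
                System.out.println("ACCEPT " + loader.resolve(p));
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + p + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check runs before any stream is opened, so a rejected location produces no outbound connection and no file read; logging the rejections gives operators a detection signal for probing of this code path while the upgrade is scheduled.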