Apache · Apache OFBiz · CVE-2024-48962
**Name of the Vulnerable Software and Affected Versions**
Apache OFBiz versions prior to 18.12.17
**Description**
The vulnerability stems from improper control of code generation (code injection), combined with cross-site request forgery (CSRF) and improper neutralization of special elements used in a template engine (template injection). A remote attacker could chain these weaknesses to perform a server-side request forgery (SSRF) attack against the OFBiz server.
**Recommendations**
For versions prior to 18.12.17, upgrade to version 18.12.17 to fix the issue. As a temporary workaround, consider restricting access to vulnerable components until the upgrade can be applied.