PT-2024-5990 · Apache · Apache Ofbiz

孙相 · Published 2024-08-14 · Updated 2026-01-02

CVE-2024-45507

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.16
Description: Apache OFBiz is affected by a Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code ('Code Injection') vulnerability. It may allow a remote attacker to perform an SSRF attack. Over 2,700 results have been found to be potentially affected.
Recommendations: For Apache OFBiz versions prior to 18.12.16, upgrade to version 18.12.16, which fixes the issue. As a temporary workaround, restrict access to the vulnerable components until the patch is applied. Avoid using URLs in files when loading them from Java or Groovy, to prevent potential exploitation.

Fix · RCE · SSRF · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-06799
CVE-2024-45507

Affected Products

Apache Ofbiz