Severity: low Affected versions:
- Apache OFBiz before 24.09.06
Description:
Improper Control of Generation of Code ('Code Injection'), Improper
Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Credit:
lwd3c (finder)
References:
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-46586
