Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: OFBiz 17.12.01

Description: Apache OFBiz is vulnerable to CSRF attacks

Mitigation: Upgrade to 17.12.03 or manually apply the commits at OFBIZ-11470

Credit: Initially known by the OFBiz security team (OFBIZ-10427), also reported later by
  Man Yue Mo via RT <security-repo...@semmle.com>
  Shuibo Ye <shuib...@gmail.com>
  Vikash Patnaik <vikash.patn...@outlook.com>
  Sonali Agrahari <sonaliagraha...@gmail.com>
  Girish Vasmatkar <girish.vasmat...@hotwaxsystems.com>
  Dinesh Kumar Mohanty <kiitk...@gmail.com>
  Jason Nordenstam <j.nordens...@offensive-security.com>
  Pradeep Jairamani <pradeepjairaman...@gmail.com>
  Faiz Zaidi <faizzaid...@gmail.com>

References: https://ofbiz.apache.org/security.html