[jira] [Comment Edited] (OFBIZ-13158) [SECURITY] (CVE-2024-47208) Update method to check if the string starts with component:// instead of merely containing it

Wed, 20 Nov 2024 01:17:45 -0800 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-13158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17893109#comment-17893109
 ] 

Jacques Le Roux edited comment on OFBIZ-13158 at 11/20/24 9:16 AM:
-------------------------------------------------------------------

Done by https://github.com/apache/ofbiz-framework/commit/f044a7e5bf


was (Author: jacques.le.roux):
Done by https://github.com/apache/ofbiz-framework/commit/2aeb282cdc


>  [SECURITY] (CVE-2024-47208) Update method to check if the string starts with 
> component:// instead of merely containing it
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-13158
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13158
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework/base
>    Affects Versions: 18.12.16
>            Reporter: Jacques Le Roux
>            Assignee: Deepak Dixit
>            Priority: Major
>             Fix For: 18.12.17
>
>
> To work the component protocol must be placed at start of URL



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to