[jira] [Updated] (OFBIZ-13276) CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin

Nicolas Malin (Jira) Mon, 04 Aug 2025 23:54:05 -0700


     [ 
https://issues.apache.org/jira/browse/OFBIZ-13276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nicolas Malin updated OFBIZ-13276:
----------------------------------
    Issue Type: Bug  (was: Improvement)

> CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin
> ---------------------------------------------------------------
>
>                 Key: OFBIZ-13276
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13276
>             Project: OFBiz
>          Issue Type: Bug
>          Components: scrum
>    Affects Versions: 24.09.01
>            Reporter: Nicolas Malin
>            Assignee: Nicolas Malin
>            Priority: Minor
>             Fix For: 24.09.02
>
>         Attachments: OFBIZ-13276.patch
>
>
> On scrum plugin when we call the svn command to retreive a revision diff we 
> call directly the os system by a concat string.
> We improve that to pass the command with a string table



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (OFBIZ-13276) CVE-2025-54466: Apache OFBiz: RCE Vulnerability in scrum plugin

Reply via email to