CVE-2022-29158

high

Description

Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599

References

https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928

http://www.openwall.com/lists/oss-security/2022/09/02/5

Details

Source: Mitre, NVD

Published: 2022-09-02

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00295