CVE-2021-37608

Source
https://cve.org/CVERecord?id=CVE-2021-37608
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37608.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-37608
Published
2021-08-18T08:15:06.283Z
Modified
2026-03-15T14:44:51.429355Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297.

References

Affected packages

Git / github.com/apache/ofbiz-framework

Affected ranges

Type
GIT
Repo
https://github.com/apache/ofbiz-framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "17.12.08"
        }
    ]
}

Affected versions

release17.*
release17.12.01
release17.12.03
release17.12.05
release17.12.06
release17.12.07

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37608.json"