mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
102 lines
4.3 KiB
JSON
102 lines
4.3 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2019-0235",
|
|
"ASSIGNER": "security@apache.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Apache",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache OFBiz",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "17.12.01"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CSRF Vulnerability"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://s.apache.org/n4vnt",
|
|
"url": "https://s.apache.org/n4vnt"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "http://packetstormsecurity.com/files/157514/Apache-OFBiz-17.12.03-Cross-Site-Request-Forgery.html",
|
|
"url": "http://packetstormsecurity.com/files/157514/Apache-OFBiz-17.12.03-Cross-Site-Request-Forgery.html"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[ofbiz-notifications] 20200705 [jira] [Commented] (OFBIZ-11306) POC for CSRF Token (CVE-2019-0235)",
|
|
"url": "https://lists.apache.org/thread.html/rbd572bb27991835a3455c1bf694e7140d79ab03cdb9e6e50fd1219d7@%3Cnotifications.ofbiz.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[ofbiz-notifications] 20200706 [jira] [Commented] (OFBIZ-11306) POC for CSRF Token (CVE-2019-0235)",
|
|
"url": "https://lists.apache.org/thread.html/r392206f7cd131f0fc3f7c60a767ced93ced00411d55c1777c219c956@%3Cnotifications.ofbiz.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[ofbiz-notifications] 20200707 [jira] [Commented] (OFBIZ-11306) POC for CSRF Token (CVE-2019-0235)",
|
|
"url": "https://lists.apache.org/thread.html/rfe36dc9135810954ef667d29129d02207fb999a286b60d33bd9c2349@%3Cnotifications.ofbiz.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[ofbiz-notifications] 20200708 [jira] [Commented] (OFBIZ-11306) POC for CSRF Token (CVE-2019-0235)",
|
|
"url": "https://lists.apache.org/thread.html/r9eeb6c41d2c562b451f1e48ec56881f59107cc4dea7c883db2c5373d@%3Cnotifications.ofbiz.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[ofbiz-commits] 20200708 [ofbiz-framework] 01/02: Documented: POC for CSRF Token (CVE-2019-0235) (OFBIZ-11306)",
|
|
"url": "https://lists.apache.org/thread.html/rb53870d24088956a555683aa1aea7e532e3be65b863b9c75eac31b90@%3Ccommits.ofbiz.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[announce] 20210125 Apache Software Foundation Security Report: 2020",
|
|
"url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
|
|
"url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks."
|
|
}
|
|
]
|
|
}
|
|
} |