Auto-Update: 2023-12-26T13:00:23.975139+00:00

2025-07-09 16:05:11 +00:00 · 2023-12-26 13:00:27 +00:00 · 2023-12-26 13:00:27 +00:00 · d9b6444502
commit d9b6444502
parent dd124dc934
2 changed files with 57 additions and 6 deletions
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50968.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50968.json
@ -0,0 +1,52 @@
+{
+  "id": "CVE-2023-50968",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-12-26T12:15:07.287",
+  "lastModified": "2023-12-26T12:15:07.287",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations.\n\nThe same uri can be operated to realize a SSRF attack also  without  authorizations.\n\nUsers are recommended to upgrade to version 18.12.11, which fixes this issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://issues.apache.org/jira/browse/OFBIZ-12875",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://ofbiz.apache.org/download.html",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://ofbiz.apache.org/release-notes-18.12.11.html",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://ofbiz.apache.org/security.html",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-26T11:00:23.829155+00:00
+2023-12-26T13:00:23.975139+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-26T10:15:07.483000+00:00
+2023-12-26T12:15:07.287000+00:00
 ```

 ### Last Data Feed Release
@ -29,15 +29,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-234231
+234232
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `1`

-* [CVE-2012-10017](CVE-2012/CVE-2012-100xx/CVE-2012-10017.json) (`2023-12-26T10:15:07.483`)
-* [CVE-2023-5180](CVE-2023/CVE-2023-51xx/CVE-2023-5180.json) (`2023-12-26T09:15:07.197`)
+* [CVE-2023-50968](CVE-2023/CVE-2023-509xx/CVE-2023-50968.json) (`2023-12-26T12:15:07.287`)


 ### CVEs modified in the last Commit