{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T19:11:05.249","vulnerabilities":[{"cve":{"id":"CVE-2022-29158","sourceIdentifier":"security@apache.org","published":"2022-09-02T07:15:07.630","lastModified":"2024-11-21T06:58:36.370","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599"},{"lang":"es","value":"Apache OFBiz versiones hasta 18.12.05, es vulnerable a la Denegación de Servicio por Expresión Regular (ReDoS) en la forma en que maneja las URLs proporcionadas por usuarios externos no autenticados. Actualice a versión 18.12.06 o aplique los parches en https://issues.apache.org/jira/browse/OFBIZ-12599"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*","versionEndExcluding":"18.12.06","matchCriteriaId":"B41AC544-FCCD-4136-BA78-4BA21DB66095"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2022/09/02/5","source":"security@apache.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928","source":"security@apache.org","tags":["Mailing List","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2022/09/02/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/7k92rg1o4ql2yw3o0vttkcl2jhq7j928","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Vendor Advisory"]}]}}]}