diff --git a/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json b/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json
index d30eb25bb7bf4..9ac8aeae2483c 100644
--- a/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json
+++ b/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json
@@ -1,14 +1,40 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-862q-5rrg-cc9p",
- "modified": "2026-06-11T00:32:06Z",
+ "modified": "2026-06-11T00:32:17Z",
 "published": "2026-06-11T00:32:06Z",
 "aliases": [
 "CVE-2026-50223"
 ],
- "details": "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution.\n\nThis issue affects Apache OFBiz: before 24.09.07.\n\nUsers are recommended to upgrade to version 24.09.07, which fixes the issue.",
- "severity": [],
- "affected": [],
+ "summary": "Template injection leading to RCE in Apache OFBiz",
+ "details": "A template injection vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. The issue affects Apache OFBiz versions before 24.09.07. Users should upgrade to version 24.09.07, which fixes the issue.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "org.apache.ofbiz:ofbiz"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "24.09.07"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
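Review bot: The new `details` text names the upgrade as the only remediation, yet the precondition it states — an authenticated user holding Content/DataResource editing privileges — also defines the obvious interim control, and operators who cannot move to 24.09.07 immediately will want it spelled out. I would append to `details`: `Until upgraded, administrators should review and minimize which accounts hold Content/DataResource editing privileges, since that permission is the precondition for exploitation.` The `affected` block identifies the product only by the Maven coordinate `org.apache.ofbiz:ofbiz`; OFBiz is, as far as I know, usually run from an Apache release rather than consumed as a build dependency, so tooling that matches on this coordinate alone may not surface deployed instances, and the details could state that the range applies to any OFBiz installation regardless of how it was obtained. The rewritten `details` also drops the CWE-94 wording ("Improper Control of Generation of Code") the original carried; `cwe_ids` still records it, so that is cosmetic rather than a gap.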
@@ -27,7 +53,7 @@
 "cwe_ids": [
 "CWE-94"
 ],
- "severity": null,
+ "severity": "HIGH",
 "github_reviewed": false,
 "github_reviewed_at": null,
 "nvd_published_at": "2026-06-10T23:16:49Z"