From ee9513564cedd8c607a4c92cdb6052eb6d558339 Mon Sep 17 00:00:00 2001
From: Lohit Kolluri
Date: Thu, 11 Jun 2026 17:54:16 +0530
Subject: [PATCH] Improve GHSA-862q-5rrg-cc9p

---
 .../GHSA-862q-5rrg-cc9p.json | 36 ++++++++++++++++---
 1 file changed, 31 insertions(+), 5 deletions(-)

diff --git a/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json b/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json
index d30eb25bb7bf4..9ac8aeae2483c 100644
--- a/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json
+++ b/advisories/unreviewed/2026/06/GHSA-862q-5rrg-cc9p/GHSA-862q-5rrg-cc9p.json
@@ -1,14 +1,40 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-862q-5rrg-cc9p",
-  "modified": "2026-06-11T00:32:06Z",
+  "modified": "2026-06-11T00:32:17Z",
   "published": "2026-06-11T00:32:06Z",
   "aliases": [
     "CVE-2026-50223"
   ],
-  "details": "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution.\n\nThis issue affects Apache OFBiz: before 24.09.07.\n\nUsers are recommended to upgrade to version 24.09.07, which fixes the issue.",
-  "severity": [],
-  "affected": [],
+  "summary": "Template injection leading to RCE in Apache OFBiz",
+  "details": "A template injection vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template injection attacks that could lead to Remote Code Execution. The issue affects Apache OFBiz versions before 24.09.07. Users should upgrade to version 24.09.07, which fixes the issue.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.apache.ofbiz:ofbiz"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "24.09.07"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -27,7 +53,7 @@
     "cwe_ids": [
       "CWE-94"
     ],
-    "severity": null,
+    "severity": "HIGH",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2026-06-10T23:16:49Z"
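Review bot: The CVSS vector in `severity`, the Maven coordinates `org.apache.ofbiz:ofbiz` and the `24.09.07` fixed event in `affected` are added with no source cited, and since this is an `unreviewed` advisory with `github_reviewed` still `false`, nothing in the hunk lets a reader check them; the `references` array continues outside the hunk, so if it does not already carry the vendor advisory or NVD entry that states this vector and the affected artifact, add one so the data is traceable. If the artifact id is not the one actually published for OFBiz, the `ECOSYSTEM` range will never match a declared dependency and scanners will silently miss this advisory, so the coordinates deserve an explicit check against the published POM. The rewritten `details` also drops the CWE-94 wording `Improper Control of Generation of Code ('Code Injection')` that the unchanged `cwe_ids` entry still names; keeping that phrase in the first sentence keeps the description consistent with the classification. The `HIGH` value in the second hunk agrees with the 3.1 vector, which computes to a High base score.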