CVE-2026-31380
published 2026-05-19CVE-2026-31380: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz. This…
medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | ofbiz | < 24.09.06 | 24.09.06 |
| apache_software_foundation | apache_ofbiz | < 24.09.06 | 24.09.06 |