Apache OFBiz Code Injection Vulnerability in Email Services Allowing Remote Code Execution

Vulnerability

A code injection vulnerability has been identified in the email services of Apache OFBiz, affecting versions prior to 24.09.06. The flaw is an improper control of code generation, and it allows authenticated remote code execution.

Impact

Exploitation of this vulnerability could lead to authenticated remote code execution on the server where Apache OFBiz is running.

Remediation

Users are advised to upgrade to Apache OFBiz version 24.09.06 or later, which addresses this vulnerability.

Added: May 19, 2026, 10:24 AM
Updated: May 19, 2026, 10:24 AM