{"id":"CVE-2021-25958","details":"In Apache Ofbiz, versions v17.12.01 to v17.12.07 implement a try catch exception to handle errors at multiple locations but leaks out sensitive table info which may aid the attacker for further recon. A user can register with a very long password, but when he tries to login with it an exception occurs.","modified":"2026-04-11T13:54:00.259743Z","published":"2021-08-30T14:15:07.117Z","references":[{"type":"ADVISORY","url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25958"},{"type":"FIX","url":"https://github.com/apache/ofbiz-framework/commit/2f5b8d33e32c4d9a48243cf9e503236acd5aec5c"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/ofbiz-framework","events":[{"introduced":"8ff603476a8b1ab568858d8910615f846682d4cb"},{"fixed":"2b17c50ce7fc821011a5864f194d2933a80f6bbd"},{"fixed":"2f5b8d33e32c4d9a48243cf9e503236acd5aec5c"}],"database_specific":{"versions":[{"introduced":"17.12.01"},{"fixed":"17.12.08"}]}}],"versions":["release17.12.01","release17.12.03","release17.12.05","release17.12.06","release17.12.07"],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"length":9902,"function_hash":"144741747658494383120476548327941776878"},"id":"CVE-2021-25958-68c2aada","target":{"function":"userLogin","file":"framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java"},"source":"https://github.com/apache/ofbiz-framework/commit/2f5b8d33e32c4d9a48243cf9e503236acd5aec5c","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"line_hashes":["32606632593640065468248210987821879733","200531111477409553662999894105605923374","289972015497303555041083521210063810923","109116416936946298742679716383752612640","81953033587050882691275832451472073088","267617210043281553941494801289174868686","34404009237307586345414036235181602538","149820428946309151202528442026414149188","159870138285328821481411082755674453957","138358119217820591267769456432040003640","187105862044598432451416096314680360342","296823163663119527232475368969174385688","177236513552390191257737232870915070621","339660004404640386518045384322311395283","199462711897053384151894667093735741136","73522910456790200690367155376074993387"],"threshold":0.9},"id":"CVE-2021-25958-878807ce","target":{"file":"framework/common/src/main/java/org/apache/ofbiz/common/login/LoginServices.java"},"source":"https://github.com/apache/ofbiz-framework/commit/2f5b8d33e32c4d9a48243cf9e503236acd5aec5c","signature_version":"v1","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25958.json","vanir_signatures_modified":"2026-04-11T13:54:00Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}