{"id":"CVE-2021-30128","details":"Apache OFBiz versions prior to 17.12.07 are affected by unsafe deserialization","modified":"2026-04-11T17:12:22.040667Z","published":"2021-04-27T20:15:08.903Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cuser.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb82f41de3c44bb644632531f79649046ca76afeab25a2bdb9991ab84%40%3Cnotifications.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r078351a876ed284ba667b33aba29428d7308a5bd4df78f14a3df6661%40%3Cnotifications.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rab718cfe6468085d7560c0c1ae816841e175886199f42e36efb8d735%40%3Cnotifications.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rbe512e5ccd6b11169c6379daa1234bc805f3d53c5a38224e956295ce%40%3Cnotifications.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d%40%3Ccommits.ofbiz.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d%40%3Ccommits.ofbiz.apache.org%3E"},{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2021/04/27/5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/ofbiz-framework","events":[{"introduced":"0"},{"fixed":"717bd4ba43807ee20eafbe1d44b048b3d4f7b20c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"17.12.07"}]}}],"versions":["release17.12.01","release17.12.03","release17.12.05","release17.12.06"],"database_specif
ic":{"vanir_signatures_modified":"2026-04-11T17:12:22Z","vanir_signatures":[{"target":{"file":"framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java"},"signature_type":"Line","id":"CVE-2021-30128-5d11b77b","digest":{"line_hashes":["110015357393237510422024547574110445891","103759469619733990389107269988253683292","53310710791051227402110386129181641124","338375898274596716495337317305322336620","252025656421102958553176540317162580723","326270266377966770245133828702753501876","217016609819802681141859637634855935287","156772864617605705593393775214733732284","142748572956406197153890146424230660178","242918629267813835003175391117285889672","275436613290359802416043000553657283867","327848660510616831988587361445399539602","304625182092133006104264998509195074719","226487228024108790944300977603416434887","298719494205625718619385142369913695954","189928426396389557405566135383339705472","85445592557782425591869575799430982868","331630501652662490500311835116269740470","206233465455324272214085228383807030490","93492048358034791674208089889632386451","88976781864824335147783806406434465949","144821322174533928607795755636700290308","106151073967580855851351509449120792913","115048922722834692105810608253650446279","284266970324443606099003225672678301584","240763838389343635670668203169045824818"],"threshold":0.9},"deprecated":false,"source":"https://github.com/apache/ofbiz-framework/commit/717bd4ba43807ee20eafbe1d44b048b3d4f7b20c","signature_version":"v1"},{"target":{"file":"framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java","function":"isValidFile"},"signature_type":"Function","id":"CVE-2021-30128-94ab6085","digest":{"length":2640,"function_hash":"325160111052579006851973960307013263862"},"deprecated":false,"source":"https://github.com/apache/ofbiz-framework/commit/717bd4ba43807ee20eafbe1d44b048b3d4f7b20c","signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-
30128.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}