CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE

Sun, 02 Jun 2024 23:55:33 -0700 

Severity: important

Affected versions:

- Apache OFBiz before 18.12.14

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 
vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.

Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Credit:

godspeed (AAA@ZJU) (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13092
https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-36104

Reply via email to