oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE

From: Jacques Le Roux <jleroux () apache org>
Date: Mon, 03 Jun 2024 06:55:25 +0000
Severity: important

Affected versions:

- Apache OFBiz before 18.12.14

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This 
issue affects Apache OFBiz: before 18.12.14.

Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Credit:

godspeed (AAA@ZJU) (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13092
https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-36104
Previous By Date Next
Previous By Thread Next

Current thread: