oss-sec mailing list archives
CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE
From: Jacques Le Roux <jleroux () apache org>
Date: Wed, 08 May 2024 14:39:03 +0000
Severity: important Affected versions: - Apache OFBiz before 18.12.13 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue. Credit: Qiyi Zhang (RacerZ) @secsys from Fudan (finder) References: https://ofbiz.apache.org/download.html https://ofbiz.apache.org/security.html https://issues.apache.org/jira/browse/OFBIZ-13006 https://lists.apache.org/thread/np8vgzr06z6cwm3tz7cs3609bdrj8526 https://ofbiz.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-32113
Current thread:
- CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE Jacques Le Roux (May 09)