CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE

Jacques Le Roux Wed, 08 May 2024 07:40:01 -0700

Severity: important

Affected versions:


- Apache OFBiz before 18.12.13

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 
vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Credit:

Qiyi Zhang (RacerZ) @secsys from Fudan (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13006
https://lists.apache.org/thread/np8vgzr06z6cwm3tz7cs3609bdrj8526
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32113

CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE

Reply via email to