[jira] [Commented] (OFBIZ-13092) [SECURITY] (CVE-2024-36104) Path traversal leading to RCE

Mekika Leila (Jira) Tue, 14 Jan 2025 06:41:18 -0800


    [ 
https://issues.apache.org/jira/browse/OFBIZ-13092?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17912926#comment-17912926
 ]


Mekika Leila commented on OFBIZ-13092:
--------------------------------------

ok thanks [~jleroux] for the quick answer !

Just to understand, you said it was only on 18.12 ? I think it is also on trunk 
because the issue is reproductible also on demo  
[https://demo-trunk.ofbiz.apache.org/partymgr/control/findparty]

> [SECURITY] (CVE-2024-36104) Path traversal leading to RCE
> ---------------------------------------------------------
>
>                 Key: OFBIZ-13092
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-13092
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework/webapp
>    Affects Versions: 18.12.14
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>             Fix For: 18.12.18
>
>         Attachments: image-2025-01-13-16-10-01-639.png, 
> image-2025-01-13-16-18-46-537.png
>
>
> Better avoid special encoded characters sequences 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (OFBIZ-13092) [SECURITY] (CVE-2024-36104) Path traversal leading to RCE

Reply via email to