LinuxLists.cc - [oss-security] CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE

2024-06-03 12:59:39

by Jacques Le Roux

[permalink] [raw]

Subject: [oss-security] CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE

Severity: important

Affected versions:

- Apache OFBiz before 18.12.14

Description:

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.

Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Credit:

godspeed (AAA@ZJU) (finder)

References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13092
https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-36104