CVE-2024-36104

June 4, 2024, 4:57 p.m.

Tags

security@apache.org
CWE-22
2024-06-04
CVE-2024-36104

Product(s) Impacted

Apache OFBiz

  • before 18.12.14

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Weaknesses

Date

Published: June 4, 2024, 8:15 a.m.

Last Modified: June 4, 2024, 4:57 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@apache.org

References

https://issues.apache.org/jira/browse/OFBIZ-13092
security@apache.org
https://lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o
security@apache.org
https://ofbiz.apache.org/download.html
security@apache.org
https://ofbiz.apache.org/security.html
security@apache.org