CVE-2024-32113

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*

History

21 Nov 2024, 09:14

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/05/09/1 - Mailing List () http://www.openwall.com/lists/oss-security/2024/05/09/1 - Mailing List
References () https://issues.apache.org/jira/browse/OFBIZ-13006 - Vendor Advisory () https://issues.apache.org/jira/browse/OFBIZ-13006 - Vendor Advisory
References () https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd - Mailing List () https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd - Mailing List
References () https://ofbiz.apache.org/download.html - Product () https://ofbiz.apache.org/download.html - Product
References () https://ofbiz.apache.org/security.html - Patch () https://ofbiz.apache.org/security.html - Patch

08 Aug 2024, 13:38

Type Values Removed Values Added
First Time Apache
Apache ofbiz
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
References () http://www.openwall.com/lists/oss-security/2024/05/09/1 - () http://www.openwall.com/lists/oss-security/2024/05/09/1 - Mailing List
References () https://issues.apache.org/jira/browse/OFBIZ-13006 - () https://issues.apache.org/jira/browse/OFBIZ-13006 - Vendor Advisory
References () https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd - () https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd - Mailing List
References () https://ofbiz.apache.org/download.html - () https://ofbiz.apache.org/download.html - Product
References () https://ofbiz.apache.org/security.html - () https://ofbiz.apache.org/security.html - Patch

01 Aug 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/05/09/1 -
Summary
  • (es) Limitación inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en Apache OFBiz. Este problema afecta a Apache OFBiz: antes del 18.12.13. Se recomienda a los usuarios actualizar a la versión 18.12.13, que soluciona el problema.

08 May 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-08 15:15

Updated : 2024-11-21 09:14


NVD link : CVE-2024-32113

Mitre link : CVE-2024-32113

CVE.ORG link : CVE-2024-32113


JSON object : View

Products Affected

apache

  • ofbiz
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')