Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14.

Users are recommended to upgrade to version 18.12.14, which fixes the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.93619}

epss

{'score': 0.93661}


Tue, 01 Jul 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache ofbiz
CPEs cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache ofbiz

Thu, 13 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache Software Foundation
Apache Software Foundation apache Ofbiz
CPEs cpe:2.3:a:apache_software_foundation:apache_ofbiz:*:*:*:*:*:*:*:*
Vendors & Products Apache Software Foundation
Apache Software Foundation apache Ofbiz
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Feb 2025 18:00:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-02-13T17:52:36.097Z

Reserved: 2024-05-20T07:10:04.498Z

Link: CVE-2024-36104

cve-icon Vulnrichment

Updated: 2024-08-02T03:30:13.020Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-04T08:15:10.733

Modified: 2025-07-01T20:23:35.160

Link: CVE-2024-36104

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.