CVE-2024-36104

CVE-2024-36104: Apache OFBiz: Path traversal leading to a RCE

Vendor Apache Software Foundation

Product Apache OFBiz

Weakness CWE-22 · Path traversal

Published June 4, 2024

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Key dates

Disclosure timeline

June 4, 2024 CVE published

February 13, 2025 Record updated