======================================================================

                               CERT-Renater

                     Note d'Information No. 2024/VULN231
_____________________________________________________________________

DATE                : 13/05/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache OFBiz versions prior to
                                    18.12.13.

=====================================================================
https://lists.apache.org/thread/bdyor4hz58oly7b4g208qb7m7o6vm94b
_____________________________________________________________________

CVE-2024-32113: Apache OFBiz: Path traversal leading to RCE
Severity: important

Affected versions:

- Apache OFBiz before 18.12.13


Description:

Improper Limitation of a Pathname to a Restricted Directory
('Path Traversal') vulnerability in Apache OFBiz.This issue affects
Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the
issue.


Credit:

Qiyi Zhang (RacerZ) @secsys from Fudan (finder)


References:

https://ofbiz.apache.org/download.html
https://ofbiz.apache.org/security.html
https://issues.apache.org/jira/browse/OFBIZ-13006
https://lists.apache.org/thread/np8vgzr06z6cwm3tz7cs3609bdrj8526
https://ofbiz.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32113


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================