CVE-2024-23946 Apache OFBiz: Path traversal or file inclusion

2024-02-2815:44:41

CWE-434

CWE-22

apache

www.cve.org

apache ofbiz

path traversal

file inclusion

upgrade

cve-2024-23946

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.4%

JSON

Possible path traversal in Apache OFBiz allowing file inclusion.
Users are recommended to upgrade to version 18.12.12, that fixes the issue.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache OFBiz",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "18.12.12",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]