What is CVE-2024-36104?

CVE-2024-36104 is a vulnerability in Apache Software Foundation Ofbiz, classified under Path Traversal. Published 2024-06-04.

Is CVE-2024-36104 known to be exploited?

34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Apache Software Foundation Ofbiz

CVE-2024-36104

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.931 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Ofbiz — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

ofbiz.apache.org/download.html (mitigation)
ofbiz.apache.org/security.html (related)
issues.apache.org/jira/browse/OFBIZ-13092 (issue-tracking)
lists.apache.org/thread/sv0xr8b1j7mmh5p37yldy9vmnzbodz2o (vendor-advisory)
www.openwall.com/lists/oss-security/2024/06/03/1

Frequently asked questions

What is CVE-2024-36104?: CVE-2024-36104 is a vulnerability in Apache Software Foundation Ofbiz, classified under Path Traversal. Published 2024-06-04.
Is CVE-2024-36104 known to be exploited?: 34 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.