First published: Wed Feb 28 2024
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache OFBiz | <18.12.12 |
CVE-2024-23946 has a high severity due to the potential for unauthorized file inclusion through path traversal.
To fix CVE-2024-23946, upgrade to Apache OFBiz version 18.12.12 or later.
Path traversal in CVE-2024-23946 refers to the ability of an attacker to access files outside of the intended directory structure.
Versions of Apache OFBiz prior to 18.12.12 are affected by CVE-2024-23946.
There is no official workaround for CVE-2024-23946; upgrading to the fixed version is recommended.