Open mend-bolt-for-github[bot] opened 6 months ago
CVE-2024-23946 - Medium Severity Vulnerability
Vulnerable Library - ofbizbeforeSvnRestructuring
Apache OFBiz - Main development has moved to the ofbiz-frameworks repository.
Library home page: https://github.com/apache/ofbiz.git
Found in HEAD commit: 9f6ed39589395d00f1d69228cb50a7987ba11512
Found in base branch: trunk
Vulnerable Source Files (1)
/minilang/ValidationException.java
Vulnerability Details
Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, which fixes the issue.
Publish Date: 2024-02-28
URL: CVE-2024-23946
CVSS 3 Score Details (5.3)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://www.zerodayinitiative.com/advisories/ZDI-24-183/
Release Date: 2024-01-29
Fix Resolution: release18.12.12