Unrated severityCISA KEVNVD Advisory· Published May 8, 2024· Updated Oct 21, 2025

Apache OFBiz: Path traversal leading to RCE

CVE-2024-32113

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.

Users are recommended to upgrade to version 18.12.13, which fixes the issue.

Affected products

Apache Software Foundation/Apache OFBizv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrdmitrevendor-advisory
issues.apache.org/jira/browse/OFBIZ-13006mitreissue-tracking
ofbiz.apache.org/download.htmlmitremitigation
ofbiz.apache.org/security.htmlmitrerelated
www.openwall.com/lists/oss-security/2024/05/09/1mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000