{"id":"CVE-2024-32113","details":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.\n\nUsers are recommended to upgrade to version 18.12.13, which fixes the issue.","modified":"2026-04-10T19:41:20.768691Z","published":"2024-05-08T15:15:10.227Z","references":[{"type":"WEB","url":"https://ofbiz.apache.org/download.html"},{"type":"ADVISORY","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-32113"},{"type":"ADVISORY","url":"https://issues.apache.org/jira/browse/OFBIZ-13006"},{"type":"FIX","url":"https://ofbiz.apache.org/security.html"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2024/05/09/1"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/ofbiz-framework","events":[{"introduced":"0"},{"fixed":"2f4d1acdb93c274eb94ead7890b64dd383cb3dad"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"18.12.13"}]}}],"versions":["release18.12.01","release18.12.02","release18.12.03","release18.12.04","release18.12.05","release18.12.12"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/apache/ofbiz-framework/commit/2f4d1acdb93c274eb94ead7890b64dd383cb3dad","target":{"file":"framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CatalinaContainer.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["260114081133610030839256009349962373096","15515573443394246656853114603185474342","312045122144459436722579104351384668073","310174252314341226846431211601346991755"]},"deprecated":false,"id":"CVE-2024-32113-34f024c2","signature_version":"v1"},{"source":"https://github.com/apache/ofbiz-framework/commit/2f4d1acdb93c274eb94ead7890b64dd383cb3dad","target":{"file":"framework/catalina/src/main/java/org/apache/ofbiz/catalina/container/CatalinaContainer
.java","function":"prepareTomcatEngineValves"},"signature_type":"Function","digest":{"function_hash":"212170997469512983725795026215277029444","length":1308},"deprecated":false,"id":"CVE-2024-32113-bcfe7987","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-10T19:41:20Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-32113.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}