This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ofbiz-site.git


The following commit(s) were added to refs/heads/master by this push:
     new 2c2dd4f  [SECURITY] (CVE-2024-32113) Path traversal leading to RCE 
(OFBIZ-13006)
2c2dd4f is described below

commit 2c2dd4f2714d275c76ab064fcc1b559e9a06721c
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Wed May 8 16:54:40 2024 +0200

    [SECURITY] (CVE-2024-32113) Path traversal leading to RCE (OFBIZ-13006)
---
 security.html                  | 1 +
 template/page/security.tpl.php | 1 +
 2 files changed, 2 insertions(+)

diff --git a/security.html b/security.html
index 4034b83..6e561b8 100644
--- a/security.html
+++ b/security.html
@@ -134,6 +134,7 @@
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32113" 
target="external">CVE-2024-32113</a>; affected releases before 18.12.13; fixed 
in 18.12.13 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b3b87d98dd"; 
target="external">b3b87d98dd</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ff316b6e22"; 
target="external">ff316b6e22</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23946" 
target="external">CVE-2024-23946</a>; affected releases before 18.12.12; fixed 
in 18.12.12 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/b1cf4ef3e1"; 
target="external">b1cf4ef3e1</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/93f8a58419"; 
target="external">93f8a58419</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/c910e413ba"; [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25065" 
target="external">CVE-2024-25065</a>; affected releases before 18.12.12; fixed 
in 18.12.12 with commit <a 
href="https://github.com/apache/ofbiz-framework/commit/b91a9b7f26"; 
target="external">b91a9b7f26</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51467" 
target="external">CVE-2023-51467</a>; affected releases before 18.12.11; fixed 
in 18.12.11 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/d8b097f"; 
target="external">d8b097f</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/1dcfa07180"; 
target="external">1dcfa07180</a> </li>
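Review bot: The two fix-commit links in the added list item point at gitbox.apache.org (?p=ofbiz-framework.git;h=b3b87d98dd and ;h=ff316b6e22), while every neighbouring entry in the context lines links to github.com/apache/ofbiz-framework/commit/ followed by the hash. Consider using the same GitHub commit URL form for both hashes so the list stays uniform and readers reach the same commit view as for the other CVEs. The entry also carries only the CVE id and versions; the commit subject's "Path traversal leading to RCE" would be a useful short label here if the list format allows it.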
diff --git a/template/page/security.tpl.php b/template/page/security.tpl.php
index 6e974b4..4c16bee 100644
--- a/template/page/security.tpl.php
+++ b/template/page/security.tpl.php
@@ -34,6 +34,7 @@
 
             <h3>List of Known Vulnerabilities</h3>
             <ul class="iconsList">
+                <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32113" 
target="external">CVE-2024-32113</a>; affected releases before 18.12.13; fixed 
in 18.12.13 with commits <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=b3b87d98dd"; 
target="external">b3b87d98dd</a>, <a 
href="https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=ff316b6e22"; 
target="external">ff316b6e22</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23946" 
target="external">CVE-2024-23946</a>; affected releases before 18.12.12; fixed 
in 18.12.12 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/b1cf4ef3e1"; 
target="external">b1cf4ef3e1</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/93f8a58419"; 
target="external">93f8a58419</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/c910e413ba"; [...]
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25065" 
target="external">CVE-2024-25065</a>; affected releases before 18.12.12; fixed 
in 18.12.12 with commit <a 
href="https://github.com/apache/ofbiz-framework/commit/b91a9b7f26"; 
target="external">b91a9b7f26</a></li>
                 <li><i class="icon-pin"></i> <a 
href="//cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51467" 
target="external">CVE-2023-51467</a>; affected releases before 18.12.11; fixed 
in 18.12.11 with commits <a 
href="https://github.com/apache/ofbiz-framework/commit/d8b097f"; 
target="external">d8b097f</a>, <a 
href="https://github.com/apache/ofbiz-framework/commit/1dcfa07180"; 
target="external">1dcfa07180</a> </li>
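Review bot: The list item added here is identical to the one added to security.html in the same commit, so the entry is being maintained by hand in two files and the two can drift apart on a later edit. If security.html is generated from this template, regenerate it from the template instead of editing both; if not, a note in the commit message that both files must be kept in sync would help the next person adding a CVE.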
