An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS00M3E3LXE1dnAtM2c2OM4AAWSt

High

EPSS: 0.02605% (0.85091 Percentile)

Path Traversal in Eclipse Mojarra

Affected Packages: maven:org.glassfish:mojarra-parent
Affected Versions: < 2.3.7
Fixed Versions: 2.3.7
0 Dependent packages
1 Dependent repositories

Affected Version Ranges

All affected versions

All unaffected versions

2.3.15, 2.3.16, 2.3.17, 2.3.18, 2.3.19, 2.3.20, 2.3.21, 3.0.0, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.1.0, 4.1.1, 4.1.2, 4.1.3

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.
