[jboss-jira] [JBoss JIRA] (WFLY-13440) CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

Friday, 8 May 2020

     [
https://issues.redhat.com/browse/WFLY-13440?page=com.atlassian.jira.plugi...
]

Brian Stansberry resolved WFLY-13440.
-------------------------------------
    Fix Version/s: 20.0.0.Beta1
       Resolution: Done

...
 CVE-2018-14371 jsf-impl: mojarra: Path traversal in
ResourceManager.java:getLocalePrefix() via the loc parameter 

-----------------------------------------------------------------------------------------------------------------

                 Key: WFLY-13440
                 URL: https://issues.redhat.com/browse/WFLY-13440
             Project: WildFly
          Issue Type: Bug
          Components: JSF
            Reporter: Farah Juma
            Assignee: Farah Juma
            Priority: Minor
              Labels: CVE-2018-14371, Security, SecurityTracking, downstream_dependency,
pscomponent:jsf-impl
             Fix For: 20.0.0.Beta1

 CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the
loc parameter
 https://bugzilla.redhat.com/show_bug.cgi?id=1607709
 This was already fixed upstream:
 https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37...

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[jboss-jira] [JBoss JIRA] (WFLY-13440) CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter