[JBoss JIRA] (WFLY-13440) CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

Thursday, 7 May 2020

     [
https://issues.redhat.com/browse/WFLY-13440?page=com.atlassian.jira.plugi...
]

Farah Juma moved JBEAP-19438 to WFLY-13440:
-------------------------------------------

              Project: WildFly  (was: JBoss Enterprise Application Platform)
                  Key: WFLY-13440  (was: JBEAP-19438)
             Workflow: GIT Pull Request workflow   (was: CDW with loose statuses v1)
          Component/s: JSF
                           (was: JSF)
    Affects Version/s:     (was: 7.3.0.GA)
        Fix Version/s:     (was: 7.3.1.GA)

...
 CVE-2018-14371 jsf-impl: mojarra: Path traversal in
ResourceManager.java:getLocalePrefix() via the loc parameter 

-----------------------------------------------------------------------------------------------------------------

                 Key: WFLY-13440
                 URL: https://issues.redhat.com/browse/WFLY-13440
             Project: WildFly
          Issue Type: Bug
          Components: JSF
            Reporter: Farah Juma
            Assignee: Farah Juma
            Priority: Minor
              Labels: CVE-2018-14371, Security, SecurityTracking, downstream_dependency,
pscomponent:jsf-impl

 CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the
loc parameter
 https://bugzilla.redhat.com/show_bug.cgi?id=1607709
 This was already fixed upstream:
 https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37...

--
This message was sent by Atlassian Jira
(v7.13.8#713008)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006