[jboss-jira] [JBoss JIRA] (WFLY-13440) CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
Farah Juma (Jira)
issues at jboss.org
Thu May 7 13:57:00 EDT 2020
[ https://issues.redhat.com/browse/WFLY-13440?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Farah Juma moved JBEAP-19438 to WFLY-13440:
-------------------------------------------
Project: WildFly (was: JBoss Enterprise Application Platform)
Key: WFLY-13440 (was: JBEAP-19438)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: JSF
(was: JSF)
Affects Version/s: (was: 7.3.0.GA)
Fix Version/s: (was: 7.3.1.GA)
> CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
> -----------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-13440
> URL: https://issues.redhat.com/browse/WFLY-13440
> Project: WildFly
> Issue Type: Bug
> Components: JSF
> Reporter: Farah Juma
> Assignee: Farah Juma
> Priority: Minor
> Labels: CVE-2018-14371, Security, SecurityTracking, downstream_dependency, pscomponent:jsf-impl
>
> CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
> https://bugzilla.redhat.com/show_bug.cgi?id=1607709
> This was already fixed upstream:
> https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list