[jboss-jira] [JBoss JIRA] (WFLY-13439) CVE-2020-6950 jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-1437
Brian Stansberry (Jira)
issues at jboss.org
Fri May 8 15:33:00 EDT 2020
[ https://issues.redhat.com/browse/WFLY-13439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry resolved WFLY-13439.
-------------------------------------
Fix Version/s: 20.0.0.Beta1
Resolution: Done
> CVE-2020-6950 jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-1437
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-13439
> URL: https://issues.redhat.com/browse/WFLY-13439
> Project: WildFly
> Issue Type: Bug
> Components: JSF
> Reporter: Farah Juma
> Assignee: Farah Juma
> Priority: Minor
> Labels: CVE-2020-6950, Security, SecurityTracking, pscomponent:jsf-impl
> Fix For: 20.0.0.Beta1
>
>
> Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 https://bugzilla.redhat.com/show_bug.cgi?id=1805006
> This was already fixed upstream:
> https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
> https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list