[jboss-jira] [JBoss JIRA] (WFLY-13440) CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
Brian Stansberry (Jira)
issues at jboss.org
Fri May 8 15:33:00 EDT 2020
[ https://issues.redhat.com/browse/WFLY-13440?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry resolved WFLY-13440.
-------------------------------------
Fix Version/s: 20.0.0.Beta1
Resolution: Done
> CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
> -----------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-13440
> URL: https://issues.redhat.com/browse/WFLY-13440
> Project: WildFly
> Issue Type: Bug
> Components: JSF
> Reporter: Farah Juma
> Assignee: Farah Juma
> Priority: Minor
> Labels: CVE-2018-14371, Security, SecurityTracking, downstream_dependency, pscomponent:jsf-impl
> Fix For: 20.0.0.Beta1
>
>
> CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
> https://bugzilla.redhat.com/show_bug.cgi?id=1607709
> This was already fixed upstream:
> https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list