Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-13440

CVE-2018-14371 jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter

    XMLWordPrintable

Details

    Description

      CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter
      https://bugzilla.redhat.com/show_bug.cgi?id=1607709

      This was already fixed upstream:
      https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24

      Attachments

        Issue Links

          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. WFLY-13313 Upgrade Mojarra to 2.3.9.SP09

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              fjuma1@redhat.com Farah Juma
              fjuma1@redhat.com Farah Juma
              Alessio Soldano, Anne-Louise Tangring (Inactive), Anton Boyko (Inactive), Bartosz Baranowski, Brad Maxwell, Brian Stansberry, Carlo de Wolf, Chess Hazlett, Daniel Kreling, Darran Lofthouse, Ingo Weiss, James Perkins, Jimmy Wilson, Jonathan Christison, Ken Wills, Kunjan Rathod (Inactive), Lin Gao, Martin Svehla, Miroslav Sochurek, Neil Wallace, Panagiotis Sotiropoulos, Paramvir Jindal, Peter Mackay, Radovan Stancel, Roberto Oliveira, Rostislav Svoboda, Stefano Maestri, Ted Won, Tom Jenkinson, Vladimir Dosoudil
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: