CVE-2018-14371

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in maven/org.glassfish/javax.faces

Identifiers

GHSA-43q7-q5vp-3g68, CVE-2018-14371

Package Slug

maven/org.glassfish/javax.faces

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

Affected Versions

All versions before 2.3.7

Solution

Upgrade to version 2.3.7 or above.

Last Modified

2022-11-13

source