CVE-2019-17091: Cross-site Scripting

October 2, 2019 (updated October 17, 2019)

faces/context/PartialViewContextImpl.java allows Reflected XSS because a client window field is mishandled.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=548244
nvd.nist.gov/vuln/detail/CVE-2019-17091

Detect and mitigate CVE-2019-17091 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →