CVE-2020-6950: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

September 1, 2021 (updated October 21, 2021)

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

References

github.com/advisories/GHSA-rpq8-mmwh-q9hm
github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
github.com/eclipse-ee4j/mojarra/issues/4571
nvd.nist.gov/vuln/detail/CVE-2020-6950

Detect and mitigate CVE-2020-6950 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →