eclipse-ee4j/mojarra

eclipse-ee4j/mojarra

Releases68

Frequency1 month 1 week

Last Release about 1 month ago

Stars184

Mojarra, a Jakarta Faces implementation

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-6950 ↗	Jun 2, 2021Wednesday, 2 June 2021, 16:15	6.5 MEDIUM	4.3 MEDIUM
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
CVE-2019-17091 ↗	Oct 2, 2019Wednesday, 2 October 2019, 14:15	6.1 MEDIUM	4.3 MEDIUM
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
CVE-2018-14371 ↗	Jul 18, 2018Wednesday, 18 July 2018, 12:29	—	5 MEDIUM
The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.