Lucene search

GoogleOSV:GHSA-43Q7-Q5VP-3G68

HistoryMay 14, 2022 - 2:59 a.m.

Path Traversal in Eclipse Mojarra

2022-05-1402:59:22

Google

osv.dev

eclipse mojarra

directory traversal

resourcemanager.java

2.3.7

remote attacker

configuration files

java bytecodes

EPSS

0.005

Percentile

75.9%

JSON

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

References

github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24

github.com/eclipse-ee4j/mojarra/pull/4384

nvd.nist.gov/vuln/detail/CVE-2018-14371

EPSS

0.005

Percentile

75.9%

JSON

Related for OSV:GHSA-43Q7-Q5VP-3G68