jsf-impl: Mojarra is vulnerable to Path traversal. It is possible via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371.
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/
access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
access.redhat.com/errata/RHSA-2020:2511
access.redhat.com/security/updates/classification/#important
bugs.eclipse.org/bugs/show_bug.cgi?id=550943
github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
github.com/eclipse-ee4j/mojarra/issues/4571
issues.redhat.com/browse/JBEAP-16114
issues.redhat.com/browse/JBEAP-18060
issues.redhat.com/browse/JBEAP-18163
issues.redhat.com/browse/JBEAP-18221
issues.redhat.com/browse/JBEAP-18240
issues.redhat.com/browse/JBEAP-18241
issues.redhat.com/browse/JBEAP-18273
issues.redhat.com/browse/JBEAP-18277
issues.redhat.com/browse/JBEAP-18288
issues.redhat.com/browse/JBEAP-18294
issues.redhat.com/browse/JBEAP-18302
issues.redhat.com/browse/JBEAP-18315
issues.redhat.com/browse/JBEAP-18346
issues.redhat.com/browse/JBEAP-18352
issues.redhat.com/browse/JBEAP-18361
issues.redhat.com/browse/JBEAP-18367
issues.redhat.com/browse/JBEAP-18393
issues.redhat.com/browse/JBEAP-18397
issues.redhat.com/browse/JBEAP-18409
issues.redhat.com/browse/JBEAP-18527
issues.redhat.com/browse/JBEAP-18528
issues.redhat.com/browse/JBEAP-18596
issues.redhat.com/browse/JBEAP-18598
issues.redhat.com/browse/JBEAP-18640
issues.redhat.com/browse/JBEAP-18653
issues.redhat.com/browse/JBEAP-18706
issues.redhat.com/browse/JBEAP-18770
issues.redhat.com/browse/JBEAP-18775
issues.redhat.com/browse/JBEAP-18788
issues.redhat.com/browse/JBEAP-18790
issues.redhat.com/browse/JBEAP-18818
issues.redhat.com/browse/JBEAP-18836
issues.redhat.com/browse/JBEAP-18850
issues.redhat.com/browse/JBEAP-18870
issues.redhat.com/browse/JBEAP-18875
issues.redhat.com/browse/JBEAP-18876
issues.redhat.com/browse/JBEAP-18877
issues.redhat.com/browse/JBEAP-18878
issues.redhat.com/browse/JBEAP-18879
issues.redhat.com/browse/JBEAP-18929
issues.redhat.com/browse/JBEAP-18990
issues.redhat.com/browse/JBEAP-18991
issues.redhat.com/browse/JBEAP-19035
issues.redhat.com/browse/JBEAP-19054
issues.redhat.com/browse/JBEAP-19066
issues.redhat.com/browse/JBEAP-19117
issues.redhat.com/browse/JBEAP-19133
issues.redhat.com/browse/JBEAP-19156
issues.redhat.com/browse/JBEAP-19181
issues.redhat.com/browse/JBEAP-19192
issues.redhat.com/browse/JBEAP-19232
issues.redhat.com/browse/JBEAP-19281
issues.redhat.com/browse/JBEAP-19456
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpuoct2021.html