0.005 Low
EPSS
Percentile
76.0%
JavaServer Faces is vulnerable to directory traversal. A malicious user can access arbitrary files through loc parameters in the function ResourceManager.java:getLocalePrefix().
loc
ResourceManager.java:getLocalePrefix()
bugzilla.redhat.com/show_bug.cgi?id=1607710
github.com/javaserverfaces/mojarra/issues/4364