CVE-2020-6950
HIGH 7.5 | EPSS 51.7%
Directory traversal in Eclipse Mojarra
Published: 2021/9/1 | Modified: 2023/11/8
Description
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
Affected packages (1)
- Maven/org.glassfish:mojarra-parent: from 0, < 2.3.14
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-6950
- PATCH: https://github.com/eclipse-ee4j/mojarra
- WEB: https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
- WEB: https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
- WEB: https://github.com/eclipse-ee4j/mojarra/issues/4571
- WEB: https://www.oracle.com/security-alerts/cpuapr2022.html
- WEB: https://www.oracle.com/security-alerts/cpujan2022.html
- WEB: https://www.oracle.com/security-alerts/cpuoct2021.html