OESA-2021-1229

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1229

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1229.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2021-1229

Upstream

CVE-2020-6950

Published

2021-06-22T11:02:58Z

Modified

2025-08-12T05:06:39.308543Z

Summary

mojarra security update

Details

JvaServer(TM) Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring client-generated events to server-side event handlers.

Security Fix(es):

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.(CVE-2020-6950)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP1 / mojarra

Package

Name: mojarra
Purl: pkg:rpm/openEuler/mojarra&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.13-2.oe1

Ecosystem specific

{
    "src": [
        "mojarra-2.2.13-2.oe1.src.rpm"
    ],
    "noarch": [
        "mojarra-2.2.13-2.oe1.noarch.rpm",
        "mojarra-javadoc-2.2.13-2.oe1.noarch.rpm"
    ]
}