Vulnerability

CVE-2020-6950

 Report advisory or correction

CVSS Score 6.5 medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-22

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
https://github.com/eclipse-ee4j/mojarra/issues/4571
https://github.com/eclipse-ee4j/mojarra/pull/4629
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6950

[CVE-2020-6950] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.

See org.glassfish/javax.faces package information