[mojarra-dev] Multiple Path Traversal security issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[mojarra-dev] Multiple Path Traversal security issues

From: An Trinh <an@xxxxxxxxx>
Date: Fri, 17 May 2019 21:28:22 +0700
Delivered-to: mojarra-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/mojarra-dev>
List-help: <mailto:mojarra-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/mojarra-dev>, <mailto:mojarra-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/mojarra-dev>, <mailto:mojarra-dev-request@eclipse.org?subject=unsubscribe>

Hi,

Latest version of Mojarra allows disclosing arbitrary resource under web context due to lack of filter in a param. I filed a report at eclipse-ee4j/mojarra#4571. Did anyone have the chance to take a look at the issue?

Regards,
An

Prev by Date: [mojarra-dev] building with windows 10 64bit, jdk1.8.0_152, maven 3.5.2
Next by Date: [mojarra-dev] Release 2.3.13 staged - First Jakarta certified release
Previous by thread: [mojarra-dev] building with windows 10 64bit, jdk1.8.0_152, maven 3.5.2
Next by thread: [mojarra-dev] Release 2.3.13 staged - First Jakarta certified release
Index(es):
- Date
- Thread

Breadcrumbs