{"id":"OESA-2021-1229","summary":"mojarra security update","details":"JvaServer(TM) Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring client-generated events to server-side event handlers.\r\n\r\nSecurity Fix(es):\r\n\r\nDirectory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.(CVE-2020-6950)","modified":"2026-03-11T06:01:03.656523Z","published":"2021-06-22T11:02:58Z","upstream":["CVE-2020-6950"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1229"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-6950"}],"affected":[{"package":{"name":"mojarra","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/mojarra&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.13-2.oe1"}]}],"ecosystem_specific":{"src":["mojarra-2.2.13-2.oe1.src.rpm"],"noarch":["mojarra-2.2.13-2.oe1.noarch.rpm","mojarra-javadoc-2.2.13-2.oe1.noarch.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2021-1229.json"}}],"schema_version":"1.7.5"}