org.glassfish:javax.faces@2.2.0-m09 vulnerabilities

  • latest version

    2.4.0

  • latest non vulnerable version

  • first published

    13 years ago

  • latest version published

    6 years ago

  • licenses detected

  • package manager

Direct Vulnerabilities

Known vulnerabilities in the org.glassfish:javax.faces package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

Eclipse Mojarra

Affected versions of this package are vulnerable to Directory Traversal via the getLocalePrefix function in the ResourceManager.java class. A remote attacker can download configuration files or Java bytecodes from applications.

How to fix Directory Traversal?

Upgrade to version 2.3.5 or higher.

[,2.3.5)
  • M
Cross-site Scripting (XSS)

org.glassfish:javax.faces Mojarra JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.

[2,2.2.5]