{"schema_version":"1.7.2","id":"OESA-2021-1229","modified":"2021-06-22T11:02:58Z","published":"2021-06-22T11:02:58Z","upstream":["CVE-2020-6950"],"summary":"mojarra security update","details":"JvaServer(TM) Faces technology simplifies building user interfaces for JavaServer applications. Developers of various skill levels can quickly build web applications by: assembling reusable UI components in a page; connecting these components to an application data source; and wiring client-generated events to server-side event handlers.\r\n\r\nSecurity Fix(es):\r\n\r\nDirectory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.(CVE-2020-6950)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"mojarra","purl":"pkg:rpm/openEuler/mojarra\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.13-2.oe1"}]}],"ecosystem_specific":{"noarch":["mojarra-2.2.13-2.oe1.noarch.rpm","mojarra-javadoc-2.2.13-2.oe1.noarch.rpm"],"src":["mojarra-2.2.13-2.oe1.src.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1229"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-6950"}],"database_specific":{"severity":"High"}}