CVE-2020-6950

NameCVE-2020-6950
DescriptionDirectory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mojarra (PTS)jessie2.2.8-1fixed
stretch2.2.8-3fixed
sid, trixie, buster, bullseye, bookworm2.2.8-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mojarrasource(unstable)(not affected)

Notes

- mojarra <not-affected> (Vulnerable code introduced later)
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741

Search for package or bug name: Reporting problems