CVE-2013-3827 – org.glassfish:javax.faces

Package

Manager: maven
Name: org.glassfish:javax.faces
Vulnerable Version: >=2.0.0 <2.1.19

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.91918 pctl0.99686

Details

Path Traversal in Eclipse Mojarra Multiple path traversal flaws where found in Mojarra JSF2 implementation for identifying resources by name or from libraries. An unauthenticated remote attacker can use these flaws to gather otherwise undisclosed information from within an application's root.

Metadata

Created: 2022-05-17T03:13:10Z
Modified: 2022-11-03T22:33:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q388-j7cw-ff7w/GHSA-q388-j7cw-ff7w.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-q388-j7cw-ff7w
Finding: F063
Auto approve: 1