Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/mojarra@0?distro=trixie
purl pkg:deb/debian/mojarra@0?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-132f-p6xh-4ydm Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. CVE-2010-4007
VCID-5sf4-cx8k-guae Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled. CVE-2019-17091
GHSA-rjhx-c9qh-qh8f
VCID-aj1q-r1y1-bkbh Directory traversal This package allow remote attackers to read arbitrary files via a `..` in the `ln` parameter to `faces/javax.faces.resource/web.xml` or the `PATH_INFO` to `faces/javax.faces.resource/`. CVE-2011-4367
GHSA-gjfx-9wx3-j6r7
VCID-tbhh-2tte-kkdk Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. CVE-2020-6950
GHSA-rpq8-mmwh-q9hm
VCID-ud7m-cc54-3qbv The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. CVE-2018-14371
GHSA-43q7-q5vp-3g68

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T11:46:26.506462+00:00 Debian Importer Fixing VCID-ud7m-cc54-3qbv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:35:25.406929+00:00 Debian Importer Fixing VCID-aj1q-r1y1-bkbh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:32:06.852638+00:00 Debian Importer Fixing VCID-5sf4-cx8k-guae https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:28:12.482563+00:00 Debian Importer Fixing VCID-132f-p6xh-4ydm https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:38:37.168406+00:00 Debian Importer Fixing VCID-tbhh-2tte-kkdk https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:01:44.331110+00:00 Debian Importer Fixing VCID-ud7m-cc54-3qbv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:54:08.705387+00:00 Debian Importer Fixing VCID-aj1q-r1y1-bkbh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:21:27.380306+00:00 Debian Importer Fixing VCID-5sf4-cx8k-guae https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:18:56.015837+00:00 Debian Importer Fixing VCID-132f-p6xh-4ydm https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:48:42.509266+00:00 Debian Importer Fixing VCID-tbhh-2tte-kkdk https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:46:04.069057+00:00 Debian Importer Fixing VCID-tbhh-2tte-kkdk https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:04.048746+00:00 Debian Importer Fixing VCID-5sf4-cx8k-guae https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:04.028536+00:00 Debian Importer Fixing VCID-ud7m-cc54-3qbv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:03.958103+00:00 Debian Importer Fixing VCID-aj1q-r1y1-bkbh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:46:03.912044+00:00 Debian Importer Fixing VCID-132f-p6xh-4ydm https://security-tracker.debian.org/tracker/data/json 38.1.0