Search for packages
| purl | pkg:maven/com.sun.faces/project@2.4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5sf4-cx8k-guae | Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled. |
CVE-2019-17091
GHSA-rjhx-c9qh-qh8f |
| VCID-tbhh-2tte-kkdk | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. |
CVE-2020-6950
GHSA-rpq8-mmwh-q9hm |
| VCID-ud7m-cc54-3qbv | The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications. |
CVE-2018-14371
GHSA-43q7-q5vp-3g68 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T12:38:57.870853+00:00 | GitLab Importer | Fixing | VCID-tbhh-2tte-kkdk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.sun.faces/project/CVE-2020-6950.yml | 38.0.0 |
| 2026-04-02T12:36:04.761988+00:00 | GitLab Importer | Fixing | VCID-5sf4-cx8k-guae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.sun.faces/project/CVE-2019-17091.yml | 38.0.0 |
| 2026-04-01T12:47:51.681974+00:00 | GitLab Importer | Fixing | VCID-ud7m-cc54-3qbv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.sun.faces/project/CVE-2018-14371.yml | 38.0.0 |