Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.myfaces.core/myfaces-impl@2.0.2
purl pkg:maven/org.apache.myfaces.core/myfaces-impl@2.0.2
Next non-vulnerable version 2.0.12
Latest non-vulnerable version 3.0.1
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-aj1q-r1y1-bkbh
Aliases:
CVE-2011-4367
GHSA-gjfx-9wx3-j6r7
Directory traversal This package allow remote attackers to read arbitrary files via a `..` in the `ln` parameter to `faces/javax.faces.resource/web.xml` or the `PATH_INFO` to `faces/javax.faces.resource/`.
2.0.12
Affected by 0 other vulnerabilities.
2.1.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T20:31:39.416806+00:00 GitLab Importer Affected by VCID-aj1q-r1y1-bkbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.myfaces.core/myfaces-impl/CVE-2011-4367.yml 38.4.0
2026-04-11T21:41:59.697480+00:00 GitLab Importer Affected by VCID-aj1q-r1y1-bkbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.myfaces.core/myfaces-impl/CVE-2011-4367.yml 38.3.0
2026-04-02T21:56:11.535979+00:00 GitLab Importer Affected by VCID-aj1q-r1y1-bkbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.myfaces.core/myfaces-impl/CVE-2011-4367.yml 38.1.0
2026-04-01T16:13:20.972160+00:00 GitLab Importer Affected by VCID-aj1q-r1y1-bkbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.myfaces.core/myfaces-impl/CVE-2011-4367.yml 38.0.0