VulnerableCode Package Details - pkg:maven/org.glassfish/javax.faces@2.2.20

Search for packages

Vulnerability	Summary	Fixed by
VCID-ud7m-cc54-3qbv Aliases: CVE-2018-14371 GHSA-43q7-q5vp-3g68	The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.	2.3.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-ud7m-cc54-3qbv
Aliases:
CVE-2018-14371
GHSA-43q7-q5vp-3g68

The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications.

2.3.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5sf4-cx8k-guae	Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.	CVE-2019-17091 GHSA-rjhx-c9qh-qh8f

Vulnerability

Summary

Aliases

VCID-5sf4-cx8k-guae

Cross-site Scripting in Eclipse Mojarra faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces, allows Reflected XSS because a client window field is mishandled.

CVE-2019-17091
GHSA-rjhx-c9qh-qh8f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:59:05.356979+00:00	GitLab Importer	Fixing	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.4.0
2026-04-16T21:51:45.035584+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.4.0
2026-04-11T23:14:35.487831+00:00	GitLab Importer	Fixing	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.3.0
2026-04-11T23:07:40.346642+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.3.0
2026-04-04T14:32:15.142642+00:00	GHSA Importer	Fixing	VCID-5sf4-cx8k-guae	https://github.com/advisories/GHSA-rjhx-c9qh-qh8f	38.1.0
2026-04-02T23:22:37.491012+00:00	GitLab Importer	Fixing	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.1.0
2026-04-02T23:16:00.732075+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.1.0
2026-04-01T17:43:37.783214+00:00	GitLab Importer	Fixing	VCID-5sf4-cx8k-guae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2019-17091.yml	38.0.0
2026-04-01T17:36:05.294360+00:00	GitLab Importer	Affected by	VCID-ud7m-cc54-3qbv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.glassfish/javax.faces/CVE-2018-14371.yml	38.0.0
2026-04-01T13:11:29.445918+00:00	GithubOSV Importer	Fixing	VCID-5sf4-cx8k-guae	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rjhx-c9qh-qh8f/GHSA-rjhx-c9qh-qh8f.json	38.0.0