Vulnerability in N/a
CVE-2020-6950
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
EPSS: 0.517 (98.0th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- www.oracle.com/security-alerts/cpuoct2021.html (x_refsource_MISC)
- github.com/eclipse-ee4j/mojarra/issues/4571 (x_refsource_MISC)
- github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 (x_refsource_MISC)
- bugs.eclipse.org/bugs/show_bug.cgi (x_refsource_MISC)
- www.oracle.com/security-alerts/cpujan2022.html (x_refsource_MISC)
- www.oracle.com/security-alerts/cpuapr2022.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-6950?
- CVE-2020-6950 is a vulnerability in N/a. Published 2021-06-02.
- Is CVE-2020-6950 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.