Eclipse Mojarra before version 2.3.14 is vulnerable to a path traversal flaw via either the loc parameter or the con parameter. An attacker could exploit this to read arbitrary files. It was reported as CVE-2019-0199, but it was an incomplete fix.

Upstream Patch:
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741

External References:
https://github.com/javaserverfaces/mojarra/issues/4364
https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24
https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943
https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741
https://github.com/eclipse-ee4j/mojarra/issues/4571

Closed as duplicate with BZ1805006.

*** This bug has been marked as a duplicate of bug 1805006 ***