Vulnerabilities

CVE-2018-14667

by Fred · 06/11/2018

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Date published : 2018-11-06

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667

http://seclists.org/fulldisclosure/2020/Mar/21

Similar

Tags: Cybersecurity Alert