VYPR
Critical severity9.8NVD Advisory· Published Jun 18, 2018· Updated Jun 17, 2026

CVE-2018-12532

CVE-2018-12532

Description

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.richfaces:richfaces-coreMaven
>= 4.5.3.Final, <= 4.5.17.Final

Affected products

1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.