Critical severity 9.8 · NVD Advisory · Published Jun 18, 2018 · Updated Jun 17, 2026
CVE-2018-12532
Description
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.richfaces:richfaces-core (Maven) | >= 4.5.3.Final, <= 4.5.17.Final | — |
References
- codewhitesec.blogspot.com/2018/05/poor-richfaces.html (nvd: Exploit, Third Party Advisory, WEB)
- www.securityfocus.com/bid/104503 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-3hx6-fqpj-xfjr (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-12532 (ghsa: ADVISORY)
- seclists.org/fulldisclosure/2020/Mar/21 (nvd: WEB)