Critical severityCISA KEVNVD Advisory· Published Nov 6, 2018· Updated Oct 21, 2025
CVE-2018-14667
CVE-2018-14667
Description
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.richfaces:richfaces-coreMaven | < 3.3.4 | 3.3.4 |
Patches
11372eb716c1aRF-13608: Renamed "framework" to "core"
300 files changed · +9 −9
core/pom.xml+0 −0 renamedcore/src/main/java/org/ajax4jsf/component/AjaxClientBehavior.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/component/AjaxOutput.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/component/IterationStateHolder.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/component/JavaScriptParameter.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/component/package-info.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/ByteBuffer.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/CharBuffer.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/FastBufferInputStream.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/FastBufferOutputStream.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/FastBufferReader.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/FastBufferWriter.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/package-info.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/SAXResponseWriter.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/io/XMLResponseWriterState.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/FunctionDefWithDependencies.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSChainJSFFunction.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSEncoder.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSFunctionDefinition.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSFunction.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSLiteral.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSObject.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSReference.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/JSWithDependencies.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/package-info.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/PropertyUtils.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/ResponseWriterWrapper.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/ScriptStringBase.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/ScriptString.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/ScriptUtils.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/javascript/ScriptWithDependencies.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/Messages.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/DataComponentState.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/DataVisitor.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/DataVisitResult.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/ExtendedDataModel.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/package-info.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/Range.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/SequenceDataModel.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/SequenceRange.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/model/SequenceState.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/package-info.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/resource/util/package-info.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/resource/util/URLToStreamHelper.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/BinaryDecoder.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/BinaryEncoder.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/Codec.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/DecoderException.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/Decoder.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/EncoderException.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/Encoder.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/package-info.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/URL64Codec.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/base64/URLCodec.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/HtmlColor.java+0 −0 renamedcore/src/main/java/org/ajax4jsf/util/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/annotation/Experimental.java+0 −0 renamedcore/src/main/java/org/richfaces/annotation/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/application/CacheProvider.java+0 −0 renamedcore/src/main/java/org/richfaces/application/configuration/ConfigurationItem.java+0 −0 renamedcore/src/main/java/org/richfaces/application/configuration/ConfigurationItemsBundle.java+0 −0 renamedcore/src/main/java/org/richfaces/application/configuration/ConfigurationItemSource.java+0 −0 renamedcore/src/main/java/org/richfaces/application/configuration/ConfigurationServiceHelper.java+0 −0 renamedcore/src/main/java/org/richfaces/application/configuration/ConfigurationServiceImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/configuration/ConfigurationService.java+0 −0 renamedcore/src/main/java/org/richfaces/application/configuration/ValueExpressionHolder.java+0 −0 renamedcore/src/main/java/org/richfaces/application/CoreConfiguration.java+0 −0 renamedcore/src/main/java/org/richfaces/application/CoreMessages.java+0 −0 renamedcore/src/main/java/org/richfaces/application/DefaultModule.java+0 −0 renamedcore/src/main/java/org/richfaces/application/DependencyInjectorImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/DependencyInjector.java+0 −0 renamedcore/src/main/java/org/richfaces/application/GlobalResourcesViewHandler.java+0 −0 renamedcore/src/main/java/org/richfaces/application/Initializable.java+0 −0 renamedcore/src/main/java/org/richfaces/application/InitializationListener.java+0 −0 renamedcore/src/main/java/org/richfaces/application/MessageFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/MessageFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/application/Module.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/DestroyableSession.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/EventAbortedException.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/AbstractTopic.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/DefaultMessageDataSerializer.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/jms/JMSTopicsContextImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/MessageDataScriptString.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/PushContextFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/PushContextImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/RequestImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/SessionFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/SessionImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/SessionManagerImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/SessionQueue.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/TopicImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/impl/TopicsContextImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/MessageData.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/MessageDataSerializer.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/MessageException.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/PushContextFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/PushContextInitializationException.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/PushContext.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/Request.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SessionFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/Session.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SessionManager.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SessionPreSubscriptionEvent.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SessionSubscriptionEvent.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SessionTopicEvent.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SessionTopicListener2.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SessionUnsubscriptionEvent.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/SubscriptionFailureException.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/TopicEvent.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/Topic.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/TopicKey.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/TopicListener.java+0 −0 renamedcore/src/main/java/org/richfaces/application/push/TopicsContext.java+0 −0 renamedcore/src/main/java/org/richfaces/application/ServiceException.java+0 −0 renamedcore/src/main/java/org/richfaces/application/ServiceLoader.java+0 −0 renamedcore/src/main/java/org/richfaces/application/ServicesFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/application/ServicesFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/application/ServiceTracker.java+0 −0 renamedcore/src/main/java/org/richfaces/application/Uptime.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/CacheFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/Cache.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/CacheManager.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/EhCacheCacheFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/EhCacheCache.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/JBossCacheCacheFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/JBossCacheCache.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/lru/CacheEntry.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/lru/CacheMap.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/lru/LRUMapCacheFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/lru/LRUMapCache.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/lru/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/OSCacheCacheFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/OSCacheCache.java+0 −0 renamedcore/src/main/java/org/richfaces/cache/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/producer/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/producer/TopicsContextProducer.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/PushCDIDependencyRegistrationExtension.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/PushCDIExtension.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/PushCDIMessageException.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/Push.java+0 −0 renamedcore/src/main/java/org/richfaces/cdi/push/TopicKeyResolver.java+0 −0 renamedcore/src/main/java/org/richfaces/component/AjaxContainer.java+0 −0 renamedcore/src/main/java/org/richfaces/component/ComponentIterators.java+0 −0 renamedcore/src/main/java/org/richfaces/component/ComponentPredicates.java+0 −0 renamedcore/src/main/java/org/richfaces/component/MetaComponentEncoder.java+0 −0 renamedcore/src/main/java/org/richfaces/component/MetaComponentProcessor.java+0 −0 renamedcore/src/main/java/org/richfaces/component/MetaComponentResolver.java+0 −0 renamedcore/src/main/java/org/richfaces/component/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/component/UIResource.java+0 −0 renamedcore/src/main/java/org/richfaces/component/UIScripts.java+0 −0 renamedcore/src/main/java/org/richfaces/component/UITransient.java+0 −0 renamedcore/src/main/java/org/richfaces/component/VisitChildrenRejectable.java+0 −0 renamedcore/src/main/java/org/richfaces/context/BaseExtendedVisitContext.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ClientIdFunctionEvaluator.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ComponentCallback.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ComponentIdResolver.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ComponentIdResolverNode.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ContextUtils.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ExecuteComponentCallback.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ExecuteExtendedVisitContext.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ExtendedPartialViewContextFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ExtendedPartialViewContextImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ExtendedPartialViewContext.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ExtendedVisitContext.java+0 −0 renamedcore/src/main/java/org/richfaces/context/ExtendedVisitContextMode.java+0 −0 renamedcore/src/main/java/org/richfaces/context/FullVisitContext.java+0 −0 renamedcore/src/main/java/org/richfaces/context/IdParser.java+0 −0 renamedcore/src/main/java/org/richfaces/context/IdSplitIterator.java+0 −0 renamedcore/src/main/java/org/richfaces/context/NamingContainerVisitContext.java+0 −0 renamedcore/src/main/java/org/richfaces/context/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/context/PartialResponseWriterWrapper.java+0 −0 renamedcore/src/main/java/org/richfaces/context/PartialViewContextAjaxOutputTracker.java+0 −0 renamedcore/src/main/java/org/richfaces/context/PartialViewExecuteVisitCallback.java+0 −0 renamedcore/src/main/java/org/richfaces/context/PartialViewRenderVisitCallback.java+0 −0 renamedcore/src/main/java/org/richfaces/context/RenderComponentCallback.java+0 −0 renamedcore/src/main/java/org/richfaces/context/RenderExtendedVisitContext.java+0 −0 renamedcore/src/main/java/org/richfaces/context/RowsFunctionContextCallback.java+0 −0 renamedcore/src/main/java/org/richfaces/context/SkinningExternalContextFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/el/BaseReadOnlyValueExpression.java+0 −0 renamedcore/src/main/java/org/richfaces/el/CapturingELResolver.java+0 −0 renamedcore/src/main/java/org/richfaces/el/ELContextWrapper.java+0 −0 renamedcore/src/main/java/org/richfaces/el/ELResolverWrapper.java+0 −0 renamedcore/src/main/java/org/richfaces/el/GenericsIntrospectionServiceImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/el/GenericsIntrospectionService.java+0 −0 renamedcore/src/main/java/org/richfaces/el/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/el/util/ConstantValueExpression.java+0 −0 renamedcore/src/main/java/org/richfaces/el/util/ELUtils.java+0 −0 renamedcore/src/main/java/org/richfaces/el/util/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/focus/FocusManager.java+0 −0 renamedcore/src/main/java/org/richfaces/focus/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/javascript/JavaScriptServiceImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/javascript/JavaScriptService.java+0 −0 renamedcore/src/main/java/org/richfaces/javascript/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/javascript/ScriptsHolder.java+0 −0 renamedcore/src/main/java/org/richfaces/JsfVersion.java+0 −0 renamedcore/src/main/java/org/richfaces/l10n/BundleLoader.java+0 −0 renamedcore/src/main/java/org/richfaces/l10n/InterpolationException.java+0 −0 renamedcore/src/main/java/org/richfaces/l10n/MessageBundle.java+0 −0 renamedcore/src/main/java/org/richfaces/l10n/MessageInterpolator.java+0 −0 renamedcore/src/main/java/org/richfaces/l10n/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/log/JavaLogger.java+0 −0 renamedcore/src/main/java/org/richfaces/log/LogFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/log/Logger.java+0 −0 renamedcore/src/main/java/org/richfaces/log/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/log/RichfacesLogger.java+0 −0 renamedcore/src/main/java/org/richfaces/model/CollectionDataModel.java+0 −0 renamedcore/src/main/java/org/richfaces/model/Filter.java+0 −0 renamedcore/src/main/java/org/richfaces/model/NoRowAvailableException.java+0 −0 renamedcore/src/main/java/org/richfaces/model/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/AjaxConstants.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/AjaxDataSerializerImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/AjaxDataSerializer.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/BaseGradient.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/HtmlConstants.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/BaseControlBackgroundImage.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/ButtonBackgroundImage.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/ButtonDisabledBackgroundImage.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/ButtonHoverBackgroundImage.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/GradientAlignment.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/GradientType.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/InputBackgroundImage.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/InputErrorIcon.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/OneColorBasedResource.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/StandardButtonBgImage.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/images/StandardButtonPressedBgImage.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/ResourceLibraryRenderer.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/ResourceRenderer.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/html/ScriptsRenderer.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/MetaComponentRenderer.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/util/ColorUtils.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/util/CoreAjaxRendererUtils.java+0 −0 renamedcore/src/main/java/org/richfaces/renderkit/util/HtmlDimensions.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/AbstractBaseResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/AbstractCacheableResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/AbstractJava2DUserResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/AbstractJSONResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/AbstractUserResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/BaseResourceWrapper.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/CacheableResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/CachedResourceImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/CompiledCSSResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ContentProducerResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/css/AbstractCSSVisitor.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/css/CSSVisitorImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/css/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/DefaultCodecResourceRequestData.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/DefaultResourceCodec.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/DynamicResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/DynamicUserResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/external/MappedResourceFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/external/MappedResourceFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/external/package-info.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/external/ResourceTrackerForMojarra.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/external/ResourceTrackerForMyFaces.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/external/ResourceTrackerImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/external/ResourceTracker.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ImageType.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/Java2DAnimatedUserResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/Java2DAnimatedUserResourceWrapperImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/Java2DUserResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/Java2DUserResourceWrapperImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/PropertiesMappingConfiguration.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/PropertiesResourceMapper.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/ResourceAggregator.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/ResourceLoadingOptimizationConfiguration.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/ResourceMapper.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/ResourceMappingConfiguration.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/ResourceMapping.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/mapping/ResourcePath.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/PostConstructResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceCodec.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceHandlerImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceKey.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceLibraryFactoryImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceLibraryFactory.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceLibrary.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceParameterELResolver.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceParameter.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceRequestData.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceSkinUtils.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/ResourceUtils.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/SerializableResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/StateHolderResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/StaticResourceLibrary.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/URLResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/UserResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/UserResourceWrapperImpl.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/VersionedResource.java+0 −0 renamedcore/src/main/java/org/richfaces/resource/Xcss2EcssConverter.java+0 −0 renamedcore/src/main/java/org/richfaces/ServletVersion.java+0 −0 renamedcore/src/main/java/org/richfaces/VersionBean.java+0 −0 renamedNOTICE.txt+8 −8 modified@@ -1,13 +1,13 @@ This product includes Apache licensed software -framework/src/main/java/org/richfaces/base64/DecoderException.java -framework/src/main/java/org/richfaces/base64/URLCodec.java -framework/src/main/java/org/richfaces/base64/Decoder.java -framework/src/main/java/org/richfaces/base64/Encoder.java -framework/src/main/java/org/richfaces/base64/EncoderException.java -framework/src/main/java/org/richfaces/base64/URL64Codec.java -framework/src/main/java/org/richfaces/base64/BinaryEncoder.java -framework/src/main/java/org/richfaces/base64/BinaryDecoder.java +core/src/main/java/org/richfaces/base64/DecoderException.java +core/src/main/java/org/richfaces/base64/URLCodec.java +core/src/main/java/org/richfaces/base64/Decoder.java +core/src/main/java/org/richfaces/base64/Encoder.java +core/src/main/java/org/richfaces/base64/EncoderException.java +core/src/main/java/org/richfaces/base64/URL64Codec.java +core/src/main/java/org/richfaces/base64/BinaryEncoder.java +core/src/main/java/org/richfaces/base64/BinaryDecoder.java contains source code from http://commons.apache.org/proper/commons-codec/ Copyright (C) 2002-2004 The Apache Software Foundation
TESTS.md+1 −1 modified@@ -38,7 +38,7 @@ Running particular framework test (on Chrome) from console: java -jar selenium-server-standalone-${VERSION}.jar -Dwebdriver.chrome.driver=/opt/google/chrome/chromedriver // console 3: run a test - cd richfaces/framework/ + cd richfaces/core/ mvn verify -Dintegration=wildfly80-remote -Dbrowser=chrome -Dreusable -DskipTests=true -Dtest=IT_RF12765 You can also add following parameters to skip CDK build and/or Resource Optimization and/or disable unit tests:
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
12- access.redhat.com/errata/RHSA-2018:3517ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2018:3518ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2018:3519ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2018:3581ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-j7mw-7crr-658vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-14667ghsaADVISORY
- packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.htmlghsax_refsource_MISCWEB
- seclists.org/fulldisclosure/2020/Mar/21ghsamailing-listx_refsource_FULLDISCWEB
- www.securitytracker.com/id/1042037mitrevdb-entryx_refsource_SECTRACK
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
- github.com/richfaces/richfaces/commit/1372eb716c1a215a5af124198f21bde33fafad06ghsaWEB
- www.cisa.gov/known-exploited-vulnerabilities-catalogghsaWEB
News mentions
0No linked articles in our index yet.