VYPR

Maven package

org.apache.myfaces.core/myfaces-core-module

pkg:maven/org.apache.myfaces.core/myfaces-core-module

Vulnerabilities (3)

  • CVE-2021-26296Feb 19, 2021
    affected < 2.0.25fixed 2.0.25

    In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although diffic

  • CVE-2011-4343HigAug 8, 2017
    affected >= 2.0.1, < 2.0.11fixed 2.0.11

    Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.

  • CVE-2010-2086May 27, 2010
    affected <= 1.1.7

    Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statem