VYPR

Maven package

org.richfaces/richfaces-core

pkg:maven/org.richfaces/richfaces-core

Vulnerabilities (3)

  • CVE-2018-14667KEVNov 6, 2018
    affected < 3.3.4fixed 3.3.4

    The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserReso

  • CVE-2018-12533CriJun 18, 2018
    affected >= 3.1.0, <= 3.3.4

    JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.

  • CVE-2018-12532CriJun 18, 2018
    affected >= 4.5.3.Final, <= 4.5.17.Final

    JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.