CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 up to and including 1.0.13, 1.2.x prior to 1.2.15, 2.0.x prior to 2.0.2, and 2.1.x prior to 2.1.2 might allow malicious users to conduct deserialization attacks via a crafted serialized view state string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache myfaces trinidad |