JBoss RichFaces 4.5.3 up to and including 4.5.17 allows unauthenticated remote malicious users to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat richfaces |