CVE-2018-12532

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Configurations

Configuration 1

cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*

Information

Published : 2018-06-18 12:29

Updated : 2020-08-24 05:37


NVD link : CVE-2018-12532

Mitre link : CVE-2018-12532

Products Affected
No products.
CWE
CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')