CVE-2018-12533

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
Configurations

Configuration 1

cpe:2.3:a:redhat:richfaces:*:*:*:*:*:*:*:*

Information

Published : 2018-06-18 12:29

Updated : 2020-08-24 05:37


NVD link : CVE-2018-12533

Mitre link : CVE-2018-12533

Products Affected
No products.
CWE
CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')