First published: Tue Aug 08 2017(Updated: )
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.apache.myfaces.core:myfaces-core-module | >=2.1.0<=2.1.4 | 2.1.5 |
maven/org.apache.myfaces.core:myfaces-core-module | >=2.0.1<=2.0.10 | 2.0.11 |
Apache MyFaces | =2.0.1 | |
Apache MyFaces | =2.0.2 | |
Apache MyFaces | =2.0.3 | |
Apache MyFaces | =2.0.4 | |
Apache MyFaces | =2.0.5 | |
Apache MyFaces | =2.0.6 | |
Apache MyFaces | =2.0.7 | |
Apache MyFaces | =2.0.8 | |
Apache MyFaces | =2.0.9 | |
Apache MyFaces | =2.0.10 | |
Apache MyFaces | =2.1.0 | |
Apache MyFaces | =2.1.1 | |
Apache MyFaces | =2.1.2 | |
Apache MyFaces | =2.1.3 | |
Apache MyFaces | =2.1.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.