exploitDog

GHSA-j7mw-7crr-658v

Published: 13 May 2022
Source: github
Github: Reviewed
CVSS3: 9.8

Description

Richfaces vulnerable to arbitrary code execution

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Packages

Name: org.richfaces:richfaces-core (maven)
Affected versions: < 3.3.4
Fixed version: 3.3.4

EPSS: 0.89374 (High)
Percentile: 100%

CVSS3: 9.8 Critical

Weaknesses: CWE-94

Related vulnerabilities

CVSS3: 9.8
redhat
more than 7 years ago

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

CVSS3: 9.8
nvd
more than 7 years ago

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
