CVE-2018-12532

Published: 2018-06-18T12:29Z

Last Modified: 2024-11-21T03:45Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt