CVE-2018-12532

2018-06-18T12:29:00
ID CVE-2018-12532
Type cve
Reporter cve@mitre.org
Modified 2020-08-24T17:37:00

Description

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.