20 matches found
CVE-2026-3911
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...
CVE-2026-3911
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized...
Keycloak Security Vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak, which stems from a flaw in the UserResource component. This vulnerability could allow authenticated users with the view-users role to improperly retrieve user...
EUVD-2021-8629
Malicious code in bioql PyPI...
Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability
Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...
GHSA-J7MW-7CRR-658V Richfaces vulnerable to arbitrary code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Richfaces vulnerable to arbitrary code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2021-21246 Pre-Auth Access token leak
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However, for the /users/id endpoint there are no security checks enforced, so it is possible to retrieve...
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Remote Code Execution (RCE)
RichFaces is vulnerable to Remote Code Execution (RCE) attacks. The vulnerability is due to improper Expression Language (EL) sanitization in the UserResource class. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects gadget chains...
Richfaces 3.x Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications. Original report+advisories: TITLE: Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME: RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2018-14667
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
Code injection
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
CVE-2018-14667
CVE-2018-14667 affects Red Hat JBoss RichFaces Framework 3.X up to 3.3.4, introducing an EL injection via UserResource$UriData that enables remote, unauthenticated code execution. The issue arises from EL expression handling in the UserResource resource, allowing a chain of Java serialized object...
Critical: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 5 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
RichFaces: Expression Language injection via UserResource allows for unauthenticated remote code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
PT-2018-12653 · Red Hat · Red Hat Jboss Richfaces Framework
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss RichFaces Framework versions 3.X through 3.3.4. Description: The issue is related to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code...