JavaServer Faces (JSF) is vulnerable to expression language (EL) injection. The vulnerability is possible when includeViewParameters
is set to true on a navigation case.
www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
www.securitytracker.com/id?1027277
bugzilla.redhat.com/show_bug.cgi?id=757980
github.com/javaserverfaces/mojarra/commit/082c5fe3504ef49419c9b74eaac31a73413af809
github.com/jboss/mojarra/commit/df7b4cb4aacb4f4582bcf0ef73abaf21693f7201
java.net/jira/browse/JAVASERVERFACES-2247
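
To find where an application enables the setting described above, the following audit sketch lists navigation cases that redirect with view parameters included. It is an added example, not code from the advisory or from the Mojarra project. It assumes the setting appears as the `include-view-params` attribute on `<redirect>` in `faces-config.xml`, or as the `includeViewParams` / `faces-include-view-params` flag in a JSF 2 outcome string; the function names and sample inputs are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Outcome-string flags that enable view-parameter inclusion (assumed JSF 2
# implicit-navigation syntax); "&" appears as "&amp;" inside XHTML attributes.
OUTCOME_FLAG = re.compile(
    r"(?:[?&]|&amp;)(?:faces-include-view-params|includeViewParams)=true\b")

def risky_navigation_cases(faces_config_xml):
    """Return (from-view-id, from-outcome, to-view-id) for every navigation
    case whose <redirect> carries include-view-params="true"."""
    root = ET.fromstring(faces_config_xml)
    for el in root.iter():  # strip namespaces so any schema version matches
        el.tag = el.tag.rsplit("}", 1)[-1]
    hits = []
    for rule in root.iter("navigation-rule"):
        from_view = (rule.findtext("from-view-id") or "*").strip()
        for case in rule.findall("navigation-case"):
            redirect = case.find("redirect")
            if redirect is None:
                continue
            if redirect.get("include-view-params", "").strip().lower() == "true":
                hits.append((from_view,
                             (case.findtext("from-outcome") or "").strip(),
                             (case.findtext("to-view-id") or "").strip()))
    return hits

def risky_outcomes(source_text):
    """Return 1-based line numbers of outcome strings that set the flag."""
    return [n for n, line in enumerate(source_text.splitlines(), 1)
            if OUTCOME_FLAG.search(line)]

# Constructed sample input, not taken from any real application.
SAMPLE_CONFIG = """<faces-config xmlns="http://java.sun.com/xml/ns/javaee" version="2.0">
<navigation-rule><from-view-id>/search.xhtml</from-view-id>
<navigation-case><from-outcome>results</from-outcome><to-view-id>/results.xhtml</to-view-id>
  <redirect include-view-params="true"/></navigation-case>
<navigation-case><from-outcome>home</from-outcome><to-view-id>/index.xhtml</to-view-id>
  <redirect/></navigation-case>
</navigation-rule></faces-config>"""
SAMPLE_VIEW = """<h:commandButton value="Go" action="detail?faces-redirect=true&amp;includeViewParams=true"/>
<h:link outcome="index" value="Home"/>"""
```

Each hit marks a navigation case to review once the JSF implementation has been updated to a release containing the fixes referenced above.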