oss-sec mailing list archives
CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces
From: David Jorm <djorm () redhat com>
Date: Tue, 29 Nov 2011 00:16:22 -0500 (EST)
It has been found that when includeViewParameters is set to true, JSF 2 as implemented by Mojarra and MyFaces will re-evaluate parameter/model values as EL expressions. Original bug: http://java.net/jira/browse/JAVASERVERFACES-2247 MyFaces bug: https://issues.apache.org/jira/browse/MYFACES-3405 Write-up/reproducer: http://www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/ Thanks -- David Jorm / Red Hat Security Response Team
Current thread:
- CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces David Jorm (Nov 28)