
Balusc

#35174 of 53,622
7.5 Total CVSS
Vulnerabilities · 1
PT-2017-5003
7.5
2017-08-08
Apache · Apache MyFaces Core · CVE-2011-4343
Name of the Vulnerable Software and Affected Versions:
Apache MyFaces Core versions 2.0.1 through 2.0.10
Apache MyFaces Core versions 2.1.0 through 2.1.4

Description:
The issue allows remote attackers to inject EL expressions via crafted parameters, potentially leading to information disclosure.

Recommendations:
For Apache MyFaces Core versions 2.0.1 through 2.0.10, update to a version outside of this range to resolve the issue.
For Apache MyFaces Core versions 2.1.0 through 2.1.4, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to parameters that can be used to inject EL expressions until a patch is available.