mailing list archives
CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces
From: David Jorm <djorm () redhat com>
Date: Tue, 29 Nov 2011 00:16:22 -0500 (EST)
It has been found that when includeViewParameters is set to true, JSF 2 as implemented by Mojarra and MyFaces will
re-evaluate parameter/model values as EL expressions.
David Jorm / Red Hat Security Response Team
- CVE request: includeViewParameters re-evaluates param/model values as EL expressions on Mojarra/MyFaces David Jorm (Nov 29)