Maven/Org.apache.myfaces.trinidad/Trinidad

Deserialization of Untrusted Data

CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.

Advisories for Maven/Org.apache.myfaces.trinidad/Trinidad package