Maven/Org.richfaces.ui/Richfaces-Ui | GitLab Advisory Database

Deserialization of Untrusted Data

ResourceBuilderImpl.java does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.

Advisories for Maven/Org.richfaces.ui/Richfaces-Ui package