CVE-2018-12532: Code Injection

June 18, 2018 (updated March 14, 2020)

JBoss RichFaces allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code.

References

www.securityfocus.com/bid/104503
nvd.nist.gov/vuln/detail/CVE-2018-12532

Detect and mitigate CVE-2018-12532 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →