CVE-2018-12533: Code Injection

June 18, 2018 (updated March 14, 2020)

JBoss RichFaces allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code.

References

www.securityfocus.com/bid/104502
www.securitytracker.com/id/1041617
nvd.nist.gov/vuln/detail/CVE-2018-12533

Detect and mitigate CVE-2018-12533 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →