CVE-2018-14667: Code Injection

November 6, 2018 (updated October 9, 2019)

The RichFaces Framework is vulnerable to Expression Language (EL) injection via the UserResource resource.

References

www.securitytracker.com/id/1042037
access.redhat.com/errata/RHSA-2018:3517
access.redhat.com/errata/RHSA-2018:3518
access.redhat.com/errata/RHSA-2018:3519
access.redhat.com/errata/RHSA-2018:3581
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667
nvd.nist.gov/vuln/detail/CVE-2018-14667

Detect and mitigate CVE-2018-14667 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →