CVE-2011-4343 – org.apache.myfaces.core:myfaces-core-module

Package

Manager: maven
Name: org.apache.myfaces.core:myfaces-core-module
Vulnerable Version: >=2.0.1 <2.0.11 || >=2.1.0 <2.1.5

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00408 pctl0.6042

Details

Apache MyFaces Vulnerable to EL Injection Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.

Metadata

Created: 2022-05-17T00:29:01Z
Modified: 2024-01-17T22:25:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jq6g-p65r-44xr/GHSA-jq6g-p65r-44xr.json
CWE IDs: ["CWE-200", "CWE-917"]
Alternative ID: GHSA-jq6g-p65r-44xr
Finding: F308
Auto approve: 1