You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by Jakob Korherr <ja...@gmail.com> on 2011/11/22 16:58:49 UTC

JSF value expression injection vulnerability

Hi all,

As it turns out we have a pretty big security hole in JSF 2.x (myfaces and
mojarra).

Please check out my blog entry for further infos:
http://www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/

@leo: can you take care of the bug?

Regards,
Jakob

-- 
Jakob Korherr

blog: http://www.jakobk.com
twitter: http://twitter.com/jakobkorherr
work: http://www.irian.at