You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by Jakob Korherr <ja...@gmail.com> on 2011/11/22 16:58:49 UTC
JSF value expression injection vulnerability
Hi all,
As it turns out we have a pretty big security hole in JSF 2.x (myfaces and
mojarra).
Please check out my blog entry for further infos:
http://www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/
@leo: can you take care of the bug?
Regards,
Jakob
--
Jakob Korherr
blog: http://www.jakobk.com
twitter: http://twitter.com/jakobkorherr
work: http://www.irian.at