JSF value expression injection vulnerability

Tue, 22 Nov 2011 07:59:17 -0800 

Hi all,

As it turns out we have a pretty big security hole in JSF 2.x (myfaces and
mojarra).

Please check out my blog entry for further infos:
http://www.jakobk.com/2011/11/jsf-value-expression-injection-vulnerability/

@leo: can you take care of the bug?

Regards,
Jakob

-- 
Jakob Korherr

blog: http://www.jakobk.com
twitter: http://twitter.com/jakobkorherr
work: http://www.irian.at

Reply via email to