Vulnerability	Vulnerable Version
C Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') via the `CDNResourceHandler` when a wildcard CDN mapping is configured. An attacker can execute arbitrary code, disclose sensitive information, or cause a denial of service by submitting a crafted resource request URL containing an expression that is evaluated on the server side. How to fix Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')? Upgrade `org.omnifaces:omnifaces` to version 1.14.2, 2.7.32, 3.14.16, 4.7.5, 5.2.3 or higher.	[,1.14.2)[2.0-RC1,2.7.32)[3.0-RC1,3.14.16)[4.0-M1,4.7.5)[5.0-M1,5.2.3)

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') via the CDNResourceHandler when a wildcard CDN mapping is configured. An attacker can execute arbitrary code, disclose sensitive information, or cause a denial of service by submitting a crafted resource request URL containing an expression that is evaluated on the server side.

How to fix Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')?

Upgrade org.omnifaces:omnifaces to version 1.14.2, 2.7.32, 3.14.16, 4.7.5, 5.2.3 or higher.

[,1.14.2)[2.0-RC1,2.7.32)[3.0-RC1,3.14.16)[4.0-M1,4.7.5)[5.0-M1,5.2.3)

Go back to all versions of this package