New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deserialization vulnerability in Richfaces JSF library version 3.3.3 #101

Closed

ganesh-at-wiw opened this issue Dec 1, 2015 · 1 comment

Assignees

Contributor

ganesh-at-wiw commented Dec 1, 2015

oxAuth-RP application uses Richfaces 3.3.3.Final JSF library. This implementation has a vulnerability related to deserialization that was reported in 2013 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2165).

Suggested measures to take care of vulnerability are:

Upgrade commons-collections library from version 3.2 to version 3.2.2.
Upgrade Richfaces libraries from 3.3.3.Final to 3.3.4.Final.

ganesh-at-wiw assigned yurem

Contributor Author

ganesh-at-wiw commented Dec 1, 2015

Yure has already taken care of this.

ganesh-at-wiw closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment