Skip to content

CVE-2017-1000486: Potential EL Injection #1152

Closed
@n0def

Description

@n0def

As already shared privately last year "/org/primefaces/application/resource/StreamedContentHandler.java" is to vulnerable to remote exploitable code execution through EL Injection

You can find more information here:
http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html

Metadata

Metadata

Assignees

Labels

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions