org.apache.myfaces.core:myfaces-core-module

Maven3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting org.apache.myfaces.core:myfaces-core-modulepage 1 of 1

CVE-2010-2086NONECVSS 0.0EG 0.0
2010-05-27
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute …
CVE-2011-4343HIGHCVSS 7.5EG 7.5✓ Fixed in 2.1.5
2017-08-08
Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.
CVE-2021-26296HIGHCVSS 7.5EG 7.5✓ Fixed in 2.3.8
2021-02-19
vulnerable: 2.3-next-M1 ... 2.3.7 (16 versions)
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that li…

Check whether org.apache.myfaces.core:myfaces-core-module is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.myfaces.core:myfaces-core-module CVEs against the assets you own.

Start Free Scan →