Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
3.0.0, 3.0.0-alpha
Description
MyFaces Portlet Bridge has a security vulnerability in which the _jsfBridgeViewId, __jpfbJSFTARGET, and __jpfbJSFResTARGET request parameter values are not restricted to valid filename characters.