- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: liferay-faces-3.0.0-legacy-ga1, liferay-faces-3.0.1-legacy-ga2, liferay-faces-3.0.2-legacy-ga3, liferay-faces-3.0.3-legacy-ga4, liferay-faces-3.0.4-legacy-ga5, liferay-faces-3.0.0-ga1, liferay-faces-3.0.1-ga2, liferay-faces-3.0.2-ga3, liferay-faces-3.0.3-ga4, liferay-faces-3.0.4-ga5, liferay-faces-3.1.0-ga1, liferay-faces-3.1.1-ga2, liferay-faces-3.1.2-ga3, liferay-faces-3.1.3-ga4, liferay-faces-3.1.4-ga5, liferay-faces-3.2.4-ga5, liferay-faces-4.2.5-ga6
- Component/s: Liferay Faces Bridge Impl / Demos / Tests
- Labels: None

Liferay Faces Bridge has a security vulnerability in which the _jsfBridgeViewId, _facesViewIdRender, and _facesViewIdResource request parameter values are not restricted to valid filename characters.