| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.richfaces:richfaces-core | maven | < 3.3.4 | 3.3.4 |

The vulnerability is an EL injection that occurs during deserialization of `UserResource$UriData` objects. The primary vulnerable function is the `readObject` method, where deserialization occurs without proper validation. The `getELContext` method is implicated because it would be involved in setting up the expression evaluation context. Both functions would appear in stack traces when malicious serialized payloads are processed through the UserResource endpoint.
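
A log-triage sketch for the stack-trace indicator described above. It is an added example, not code from the advisory or from RichFaces. It assumes application logs carry standard Java `at package.Class.method(...)` frames; the sample log and its package names are constructed placeholders.

```python
import re

# Class and method names come from the advisory text. The package prefix is not
# given there, so frames are matched on simple class name and method only.
DESER_CLASS, DESER_METHOD, EL_METHOD = "UserResource$UriData", "readObject", "getELContext"
FRAME_RE = re.compile(r"^\s+at\s+([\w.$]+)\.([\w$<>]+)\(")

def split_traces(log_text):
    """Yield (header_line, [(class, method), ...]) for each Java stack trace."""
    header, frames, prev = None, [], ""
    for line in log_text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            if header is None:
                header = prev          # line preceding the first frame
            frames.append((m.group(1), m.group(2)))
        elif header is not None and line.lstrip().startswith(("Caused by:", "...")):
            continue                   # chained cause / "... N more" stays in the trace
        else:
            if header is not None:
                yield header.strip(), frames
                header, frames = None, []
            prev = line
    if header is not None:
        yield header.strip(), frames

def find_suspect_traces(log_text):
    """Return traces that pass through UserResource$UriData.readObject."""
    hits = []
    for header, frames in split_traces(log_text):
        if any(c.rsplit(".", 1)[-1] == DESER_CLASS and m == DESER_METHOD for c, m in frames):
            hits.append({"header": header, "frames": len(frames),
                         "el_context": any(m == EL_METHOD for _, m in frames)})
    return hits

# Constructed sample log; package names are placeholders, not RichFaces packages.
SAMPLE_LOG = """\
java.lang.IllegalStateException: constructed sample
\tat example.placeholder.FacesHelper.getELContext(FacesHelper.java)
\tat example.placeholder.UserResource$UriData.readObject(UserResource.java)
java.io.InvalidClassException: constructed sample
\tat example.placeholder.UserResource$UriData.readObject(UserResource.java)
\t... 12 more
java.lang.NullPointerException: constructed sample
\tat example.placeholder.OrderService.load(OrderService.java)
"""

if __name__ == "__main__":
    print(*find_suspect_traces(SAMPLE_LOG), sep="\n")
```

A trace with `el_context` set shows expression evaluation was reached from the deserialization path and deserves priority over one that failed inside `readObject` alone.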