ASA-2018-00051 – RichFaces: Unauthenticated remote code execution via expression language (EL) in UserResource

RichFaces Framework 3.X through 3.3.4 (all versions) is vulnerable to Expression Language (EL) injection via the UserResource resource, allowing an unauthenticated remote attacker to execute arbitrary Java code, and potentially OS commands, using a special chain of serialized Java objects inside an org.ajax4jsf.resource.UserResource$UriData.
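
For triage on hosts running an affected version, the following added example (not part of the original advisory or of RichFaces) scans web access logs for requests that reference the UserResource resource. It assumes combined log format and that the resource class name is visible in the request URI; the sample lines and their paths are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Resource class named in the advisory; assumed to be visible in the request URI.
MARKER = "org.ajax4jsf.resource.UserResource"

# Combined/common log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

def decode_fully(uri, max_rounds=3):
    """Undo repeated percent-encoding so %55serResource still matches."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_userresource_requests(lines):
    """Return (ip, timestamp, status, uri) for each request naming the resource."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and MARKER in decode_fully(m["uri"]):
            hits.append((m["ip"], m["ts"], int(m["status"]), m["uri"]))
    return hits

def summarize(hits):
    """Count hits per client address."""
    return Counter(ip for ip, _, _, _ in hits)

# Constructed sample log lines (not real traffic; paths are illustrative only).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2019:10:00:00 +0000] "GET /app/a4j/s/org.ajax4jsf.resource.UserResource/DATA/PLACEHOLDER HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2019:10:00:05 +0000] "GET /app/a4j/s/org.ajax4jsf.resource.%2555serResource/DATA/PLACEHOLDER HTTP/1.1" 500 0',
    '198.51.100.2 - - [01/Jan/2019:10:01:00 +0000] "GET /app/index.jsf HTTP/1.1" 200 2048',
    'malformed line without a request',
]

if __name__ == "__main__":
    for ip, count in summarize(find_userresource_requests(SAMPLE)).items():
        print(f"{ip}: {count} request(s) referencing {MARKER}")
```

A hit is a lead for review rather than proof of exploitation; correlate it with the response status and with application errors logged at the same time.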