OmniFaces: EL injection via crafted resource name in wildcard CDN mapping
Server-side EL injection leading to Remote Code Execution (RCE). Affects applications that use CDNResourceHandler with a wildcard CDN mapping (e.g. libraryName:=https://cdn.example.com/). An attacker can craft a resource request URL containing an EL expression in the resource name, which is evaluated server-side. The severity depends on the EL implementation and the objects available in the EL context. In the worst case this leads to Remote Code Execution (RCE). At minimum it …