Tag
A server-side EL injection vulnerability exists in OmniFaces when using CDNResourceHandler with wildcard CDN mappings, allowing attackers to inject EL expressions in resource names leading to potential remote code execution, information disclosure, or denial of service.