Vulnerabilities > Apache > Myfaces Trinidad > Critical

DATE CVE VULNERABILITY TITLE RISK
2016-10-03 CVE-2016-5019 Deserialization of Untrusted Data vulnerability in Apache Myfaces Trinidad
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.
network
low complexity
apache CWE-502
critical
9.8