CVE-2021-28170

Summary

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationJakarta Expression Language Implementationunspecified <= 3.0.3affected
The Eclipse FoundationJakarta Expression Language Implementationnext of 3.0.3 < unspecifiedunknown

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References