CVE-2021-28170
N/A
N/A
Summary
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| The Eclipse Foundation | Jakarta Expression Language Implementation | unspecified <= 3.0.3 | affected |
| The Eclipse Foundation | Jakarta Expression Language Implementation | next of 3.0.3 < unspecified | unknown |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/eclipse-ee4j/el-ri/issues/155
- https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
- https://www.oracle.com/security-alerts/cpuapr2022.html
References
- https://github.com/eclipse-ee4j/el-ri/issues/155
- https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
- https://www.oracle.com/security-alerts/cpuapr2022.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.