Lucene search

1084 matches found

NVD
added 2024/02/20 2:15 a.m. · 17 views

CVE-2024-0715

Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection. This issue affects Hitachi Global Link Manager: before 8.8.7-03...

CVSS 9.8 · AI score 7.8 · EPSS 0.00457
Exploits: 0 · References: 1

CNNVD
added 2024/02/20 12:0 a.m. · 4 views

Hitachi Global Link Manager Security Vulnerability

Hitachi Global Link Manager is a storage system management tool from Hitachi, Japan. A security vulnerability exists in Hitachi Global Link Manager on Windows versions prior to 8.8.7-03, which stems from an expression language injection vulnerability...

CVSS 9.8 · AI score 7.1 · EPSS 0.00457
Exploits: 0 · References: 3

RedHat Linux
added 2024/02/12 10:38 a.m. · 4 views

springframework: Spring Expression DoS Vulnerability

A flaw was found in Spring Framework. This flaw allows a malicious user to use a specially crafted SpEL expression that causes a denial of service (DoS)...

CVSS 6.5 · AI score 7.1 · EPSS 0.0097
Exploits: 1 · References: 5

BDU FSTEC
added 2024/01/24 12:0 a.m. · 4 views

The vulnerability of the Spring Framework software platform, related to unbounded resource allocation, allows attackers to trigger service failures.

The vulnerability of the Spring Framework software platform is related to unbounded resource allocation. Exploiting this vulnerability can allow a remote malicious actor to cause service failures by using a specially crafted SpEL expression...

CVSS 7.8 · AI score 7.2 · EPSS 0.0115
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/01/19 12:0 a.m. · 3 views

PT-2024-1904 · Hitachi · Hitachi Global Link Manager

Name of the Vulnerable Software and Affected Versions: Hitachi Global Link Manager versions prior to 8.8.7-03
Description: The issue is related to an Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows, allowing code injection. This vulnerability can be exploited...

CVSS 9.8 · AI score 8.6 · EPSS 0.00457
Exploits: 0 · References: 8

Veracode
added 2024/01/03 10:41 a.m. · 15 views

Code Injection

ShifuM is vulnerable to Code Injection. The vulnerability is due to improper handling of the FilterExpression argument within the Java Expression Language Handler in the src/main/java/ml/shifu/shifu/core/DataPurifier.java file. This issue can be exploited by an attacker by manipulating the...

CVSS 8.1 · AI score 7.1 · EPSS 0.007
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/12/29 3:30 a.m. · 1 views

GHSA-5FPQ-3C9P-3R3W ShifuML shifu code injection vulnerability

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

CVSS 5 · AI score 5.5 · EPSS 0.007
Exploits: 1 · References: 6

Github Security Blog
added 2023/12/29 3:30 a.m. · 24 views

ShifuML shifu code injection vulnerability

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

CVSS 8.1 · AI score 7.8 · EPSS 0.007
Exploits: 1 · References: 6 · Affected Software: 1

NVD
added 2023/12/29 3:15 a.m. · 43 views

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

CVSS 8.1 · EPSS 0.007
Exploits: 1 · References: 3

Prion
added 2023/12/29 3:15 a.m. · 16 views

Code injection

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

CVSS 5.1 · AI score 7.7 · EPSS 0.007
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/12/29 3:0 a.m. · 37 views

CVE-2023-7148 ShifuML shifu Java Expression Language DataPurifier.java code injection

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument...

CVSS 5.1 · AI score 8.7 · EPSS 0.007
Exploits: 1 · References: 3

CVE
added 2023/12/29 3:0 a.m. · 48 views

CVE-2023-7148

Summary of CVE-2023-7148 (ShifuML Shifu 0.12.0): The vulnerability affects the Java Expression Language Handler, specifically the file src/main/java/ml/shifu/shifu/core/DataPurifier.java, where manipulation of the FilterExpression argument enables code injection. This can be exploited remotely; ...

CVSS 8.1 · AI score 6.8 · EPSS 0.007
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/12/28 12:0 a.m. · 5 views

PT-2023-32909 · Unknown · Shifuml Shifu

Name of the Vulnerable Software and Affected Versions: ShifuML shifu version 0.12.0
Description: A critical vulnerability has been found in the Java Expression Language Handler component, specifically in the file src/main/java/ml/shifu/shifu/core/DataPurifier.java. The manipulation of the...

CVSS 8.1 · AI score 5.8 · EPSS 0.007
Exploits: 1 · References: 11

CNNVD
added 2023/12/27 12:0 a.m. · 4 views

MVEL Security Vulnerabilities

MVEL is a hybrid dynamic/static typed, embeddable expression language and Java platform runtime open-sourced by MVEL. A security vulnerability exists in MVEL v2.5.0 Final that stems from a timeout error in the ParseTools.subCompileExpression method...

CVSS 5.3 · AI score 6.9 · EPSS 0.00737
Exploits: 1 · References: 4

Gitee
added 2023/12/22 10:2 p.m. · 4 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

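GUI version of the open-source tool SpringBoot-Scan; if you find it useful, please give it a star. Note: this tool ships with exploits for the relevant vulnerabilities built in, so antivirus detections are expected! Using the new version of the tool: python3 main.py. Setting up the VulHub vulnerability test environment: git clone https://github.com/vulhub/vulhub.git. Installing the Docker environment: sudo apt-get install docker.io, sudo apt install docker-compose. Setting up CVE-2022-22965: cd /vulhub/CVE-2022-22965 sudo...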

CVSS 10 · AI score 8.3 · EPSS 0.99939
Exploits: 181

Zero Day Initiative
added 2023/12/20 12:0 a.m. · 22 views

(0Day) Voltronic Power ViewPower Pro Expression Language Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Struts2 dependency. The issue results from the use of a library that i...

CVSS 9.8 · AI score 8 · EPSS 0.01603
Exploits: 0

Positive Technologies
added 2023/12/20 12:0 a.m. · 7 views

PT-2023-8168 · Voltronic Power +1 · Voltronic Power Viewpower +1

Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower Pro affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...

CVSS 10 · AI score 7.9 · EPSS 0.01603
Exploits: 0 · References: 8

Positive Technologies
added 2023/12/02 12:0 a.m. · 3 views

PT-2023-35623 · Spring · Spring

Name of the Vulnerable Software and Affected Versions: Spring versions affected versions not specified
Description: The issue is related to a security exception in the org.springframework.expression.spel.ast.OpPlus.getValueInternal function. It involves the...

AI score 6.9
Exploits: 0 · References: 2

GithubExploit
added 2023/10/28 9:42 p.m. · 402 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963-Poc-Bearcules This is a POC for CVE-2022-229...

CVSS 9.8 · AI score 9.5 · EPSS 0.99939
Exploits: 36

VulnCheck KEV
added 2023/09/28 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2018-14667

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via...

CVSS 9.8 · AI score 7.4 · EPSS 0.74171
Exploits: 6 · References: 1