1085 matches found
GHSA-GH38-X2WM-XMC8 Code injection in ShenYu
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1...
Apache ShenYu Code Injection Vulnerability
Apache ShenYu is an asynchronous, high-performance, cross-language, responsive API gateway from the Apache Foundation of the United States. Apache ShenYu has a code injection vulnerability in versions 2.4.0 and 2.4.1 that stems from an improperly designed or implemented code development process...
PrimeFaces 4.0.x < 4.0.25 / 5.x < 5.2.21 / 5.3.x < 5.3.8 Expression Language Injection
In affected versions of PrimeFaces, an expression language injection vulnerability exists that would allow an unauthenticated user to execute arbitrary code due to a weak encryption flaw. No source data...
CVE-2021-43836 PHP file inclusion in the Sulu admin panel
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions an attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. The problem is patched in versions 1.6.44, 2.2.18...
Exploit for Expression Language Injection in Apache Log4J
tejas-nagchandi/CVE-2021-45046 Attack...
Exploit for Expression Language Injection in Apache Log4J
Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046 Attack...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-23258 Spring SPEL Expression Language Injection
Authenticated users with Administrator or Developer roles may execute OS commands via a SpEL expression in Spring beans. SpEL expressions have no security restrictions, which allows attackers to execute arbitrary commands remotely (RCE)...
VMware Spring Cloud Netflix Code Injection Vulnerability
VMware Spring Cloud Netflix is a service from VMware, Inc. It provides Netflix OSS integration for Spring Boot applications by automatically configuring and binding to the Spring Environment and other Spring programming model idioms. A security vulnerability exists in VMware Spring Cloud...
Cron Utils Code Injection Vulnerability
Cron Utils is a Java code base by the individual developer Jmrozanec for validating, parsing, and migrating Cron expressions. A code injection vulnerability exists in Cron Utils that allows an attacker to inject arbitrary Java EL expressions to execute remote code...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 CVE-2021-26084, Atlassian Confluence OGNL Injection Vulnerability A...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Confluence remote code execution RCE...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 Introduction This write-up provides an over...
GHSA-V6W3-2PRQ-H95F Improper Input Validation in Jakarta Expression Language
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
Improper Input Validation in Jakarta Expression Language
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...
jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid...