3 matches found
CVE-2026-40985
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...
EUVD-2026-36200
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through 2.5.1...
PT-2026-48613
Name of the Vulnerable Software and Affected Versions Spring Web Flow version 4.0.0 Spring Web Flow versions 3.0.0 through 3.0.1 Spring Web Flow versions 2.5.0 through 2.5.1 Description Applications that configure the WebFlowELExpressionParser are susceptible to the use of malicious Unified EL...