58 matches found
ElasticSearch v1.1.1/1.2 RCE
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search. Be aware this only violates the vendor's intended security policy if the user does not run...
EUVD-2013-6273
Malware in sbrugna...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.
Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
mvel: TimeOut error when calling ParseTools.subCompileExpression() function
DISPUTED: A vulnerability was found in the ParseTools.subCompileExpression method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to...
Remote Code Execution
org.jeasy, easy-rules-mvel is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the execution of class files with the same name as the Zer file from methods then and when while loading Zer files into an application. An attacker can write a class file with same name as a Zer fil...
easy-rules-mvel vulnerable to remote code execution
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
GHSA-FGWC-3J6W-CH22 easy-rules-mvel vulnerable to remote code execution
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
cn.sparrowmini:sparrow-bpm (=0.0.1), cn.sparrowmini:sparrow-form (=0.0.1) +13 more potentially affected by CVE-2023-50571 via org.jeasy:easy-rules-mvel (>=4.0.0 <=4.1.0)
org.jeasy:easy-rules-mvel MAVEN version =4.0.0, =0.0.1, =0.0.1, =1.0, =2025.02, =2025.11, =2025.02, =2025.02, =2025.02, =2025.02, =3, =1.14.0, =1.14.0, =4.0.0, =4.1.0 Source cves: CVE-2023-50571 Source advisory: OSV:GHSA-FGWC-3J6W-CH22...
CVE-2023-50571
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
CVE-2023-50571
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
CVE-2023-50571
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
Remote code execution
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
SUSE CVE-2023-51079
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...
CVE-2023-50571
CVE-2023-50571 affects easy-rules-mvel v4.1.0, with a remote code execution (RCE) vulnerability exploitable via the MVELRule component. The available sources in the provided documents identify the affected software and the existence of RCE, but do not include concrete patch versions or remediatio...
PT-2023-31594 · Unknown · Easy-Rules-Mvel
Name of the Vulnerable Software and Affected Versions: easy-rules-mvel version 4.1.0. Description: The issue is related to a remote code execution (RCE) vulnerability via the component MVELRule. This allows for potential exploitation, but specific details about the estimated number of affected devic...
Easy Rules Security Vulnerability
Easy Rules is a Java rules engine from Jeasy open source. A security vulnerability exists in Easy Rules version v4.1.0, which originates from the ability to execute remote code via the component MVELRule...
CVE-2023-50571
easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule...
CVE-2023-51079
DISPUTED: A vulnerability was found in the ParseTools.subCompileExpression method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to...
ai.tock:bot-test (>=22.3.0 <=22.3.2), ai.tock:bot-test-base (>=22.3.0 <=22.3.2) +4892 more potentially affected by CVE-2023-51079 via org.mvel:mvel2 (>=2.0 <=2.5.0.Final)
org.mvel:mvel2 MAVEN version =2.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.2 and more Source cves: CVE-2023-51079 Source advisory: OSV:GHSA-H63J-XQX6-W58R...
CVE-2023-51079
A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...