EUVD-2013-6273

Malware in sbrugna...

MVEL Security Vulnerabilities

MVEL is a hybrid dynamic/static typed, embeddable expression language and Java platform runtime open-sourced by MVEL. A security vulnerability exists in MVEL v2.5.0 Final that stems from a timeout error in the ParseTools.subCompileExpression method...

Design/Logic Flaw

JBoss Overlord Run Time Governance RTGov 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. NOTE: some of these details are obtained from third party information...

PT-2014-3131 · Mozilla +1 · Mvel +1

Name of the Vulnerable Software and Affected Versions: JBoss Overlord Run Time Governance RTGov version 1.0 for JBossAS Description: The issue allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. Recommendations: For JBoss Overlord Ru...

Drools: Remote Java Code Execution in MVEL

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a 1 MVFLEX Expression Language MVEL or 2 Drools expression...