2 matches found
UBUNTU-CVE-2026-4867
Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...
Expression Language Injection
Overview Affected versions of this package are vulnerable to Expression Language Injection in route definitions. An attacker with permission to define routes can expose the server's file structure or other sensitive environment variables by crafting a SpEL expression to access sensitive system...