SUSE CVE-2023-51079

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...

Denial Of Service (DoS)

org.mvel: mvel2 is vulnerable to Denial Of Service DoS. The vulnerability is due to the ParseTools.subCompileExpression method which times or executes for an indefinite time when parsing a crafted MVFLEX Expression MVEL. A malicious user can craft an MVEL expression and pass to the...

CVE-2023-51079

DISPUTED A vulnerability was found in the ParseTools.subCompileExpression method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to...

mvel2 TimeOut error exists in the ParseTools.subCompileExpression method

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final...

GHSA-H63J-XQX6-W58R mvel2 TimeOut error exists in the ParseTools.subCompileExpression method

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final...

UBUNTU-CVE-2023-51079

DISPUTED A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...

MVEL Security Vulnerabilities

MVEL is a hybrid dynamic/static typed, embeddable expression language and Java platform runtime open-sourced by MVEL. A security vulnerability exists in MVEL v2.5.0 Final that stems from a timeout error in the ParseTools.subCompileExpression method...

CVE-2023-51079

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."...

CVE-2023-51079

CVE-2023-51079 is a DoS vulnerability in MVEL’s ParseTools.subCompileExpression() causing timeout under crafted requests. IBM’s bulletin ties this to IBM Business Automation Manager Open Editions (BAMOE) 9.0.0–9.1.1, recommending BAMOE 9.2.0 as the fix. Red Hat advisory for Apache Camel build als...

PT-2023-31756 · Mvel2 · Mvel2

Name of the Vulnerable Software and Affected Versions: mvel2 version 2.5.0 Final Description: A TimeOut error exists in the ParseTools.subCompileExpression method due to many Java class lookups, potentially causing a long execution time. The vendor disputes the significance of this issue, stating...