7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.1%
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and
3.x before 3.0.6, when a container supports Expression Language (EL),
evaluates EL expressions in tags twice, which allows remote attackers to
obtain sensitive information via a (1) name attribute in a (a)
spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or ©
spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7)
scope, or (8) message attribute in a (d) spring:message or (e) spring:theme
tag; or (9) var, (10) scope, or (11) value attribute in a (f)
spring:transform tag, aka “Expression Language Injection.”