Spring Expression Language (SpEL) Injection

2022-09-2709:13:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

spel injection

com.nepxion:discovery-common

vulnerability

eval method

discoveryexpressionresolver

standardevaluationcontext

remote code execution

software

0.004 Low

EPSS

Percentile

73.7%

JSON

com.nepxion:discovery-common is vulnerable to spring expression language injection. The vulnerability exists because eval method in DiscoveryExpressionResolver.java is evaluating expression with a StandardEvaluationContext, allowing an attacker to inject and execute malicious SpEL, leading to remote code executions.

CPENameOperatorVersion
nepxion discovery commonle6.16.2
nepxion discovery commonle3.33.2
nepxion discovery commonle6.16.2
nepxion discovery commonle3.33.2

Name	Operator	Version
nepxion discovery common	le	6.16.2
nepxion discovery common	le	3.33.2
nepxion discovery common	le	6.16.2
nepxion discovery common	le	3.33.2

References

github.com/Nepxion/Discovery/blob/6.16.2/discovery-commons/discovery-common/src/main/java/com/nepxion/discovery/common/expression/DiscoveryExpressionResolver.java#L37

github.com/Nepxion/Discovery/issues/183

securitylab.github.com/advisories/GHSL-2022-033_GHSL-2022-034_Discovery/