com.nepxion:discovery-common is vulnerable to Spring Expression Language (SpEL) injection. The vulnerability exists because the eval method in DiscoveryExpressionResolver.java evaluates expressions with a StandardEvaluationContext, allowing an attacker to inject and execute malicious SpEL, leading to remote code execution.
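The difference between the evaluation contexts, as an added example that is not the project's own code: the class, method and variable names (SpelContextDemo, evalStandard, evalRestricted, headers) are hypothetical, the inputs are constructed, and it assumes a spring-expression version that ships SimpleEvaluationContext. A harmless T(java.lang.Math) call stands in for the type references that StandardEvaluationContext resolves and the restricted context rejects.

```java
import java.util.Map;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class SpelContextDemo {
    private static final ExpressionParser PARSER = new SpelExpressionParser();

    // Weak pattern: StandardEvaluationContext resolves T(...) type references,
    // constructors and method calls that appear in the expression string.
    static Object evalStandard(String expr, Map<String, String> headers) {
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        ctx.setVariable("headers", headers);
        return PARSER.parseExpression(expr).getValue(ctx);
    }

    // Hardened pattern: SimpleEvaluationContext in read-only data-binding mode
    // supports variables, indexing and comparisons, but not type references,
    // constructors or bean references.
    static Object evalRestricted(String expr, Map<String, String> headers) {
        EvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        ctx.setVariable("headers", headers);
        return PARSER.parseExpression(expr).getValue(ctx);
    }

    public static void main(String[] args) {
        Map<String, String> headers = Map.of("region", "eu"); // constructed sample input
        String condition = "#headers['region'] == 'eu'";      // ordinary data-only expression
        String typeRef = "T(java.lang.Math).max(1, 2)";       // benign type reference

        // The data-only expression evaluates the same way in both contexts.
        System.out.println("standard,   condition: " + evalStandard(condition, headers));
        System.out.println("restricted, condition: " + evalRestricted(condition, headers));

        // The type reference is resolved by the standard context only.
        System.out.println("standard,   typeRef:   " + evalStandard(typeRef, headers));
        try {
            evalRestricted(typeRef, headers);
        } catch (SpelEvaluationException e) {
            System.out.println("restricted, typeRef:   rejected (" + e.getMessageCode() + ")");
        }
    }
}
```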
CPE | Name | Operator | Version |
---|---|---|---|
 | nepxion discovery common | le | 6.16.2 |
 | nepxion discovery common | le | 3.33.2 |