Description
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of Quarkus | jakarta.el | Affected | ||
| Red Hat Decision Manager 7 | jakarta.el | Not affected | ||
| Red Hat Enterprise Linux 9 | jakarta-el | Affected | ||
| Red Hat Integration Camel K 1 | jakarta.el | Affected | ||
| Red Hat Integration Service Registry | jakarta.el | Not affected | ||
| Red Hat JBoss Data Grid 7 | jakarta.el | Out of support scope | ||
| Red Hat OpenShift Application Runtimes | jakarta.el | Affected | ||
| Red Hat Process Automation 7 | jakarta.el | Not affected | ||
| EAP 7.3.9 release | jakarta.el | Fixed | RHSA-2021:3471 | 08.09.2021 |
| EAP 7.4.1 release | jakarta.el | Fixed | RHSA-2021:3660 | 23.09.2021 |
Additional information
Status:
EPSS
7.5 High
CVSS3
Related vulnerabilities
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
In the Jakarta Expression Language implementation 3.0.3 and earlier, a ...
Improper Input Validation in Jakarta Expression Language
Vulnerability in the ELParserTokenManager function of the Jakarta EL programming language, related to insufficient validation of input data, allowing an attacker to affect data integrity