Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-20 | CVE-2024-51466 | IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. | 9.0 |
2024-08-06 | CVE-2024-7552 | Expression Language Injection vulnerability in Datagear. A vulnerability was found in DataGear up to 5.0.0. | 8.8 |
2023-07-18 | CVE-2022-4146 | Expression Language Injection vulnerability in Hitachi Replication Manager. Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Replication Manager: before 8.8.5-02. | 9.8 |
2023-04-25 | CVE-2023-22665 | Expression Language Injection vulnerability in Apache Jena. There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. | 5.4 |
2023-04-13 | CVE-2023-20863 | Expression Language Injection vulnerability in VMware Spring Framework. In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 6.5 |
2023-03-28 | CVE-2023-27821 | Expression Language Injection vulnerability in Databasir 1.0.7. Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter. | 9.8 |
2023-02-20 | CVE-2023-26092 | Expression Language Injection vulnerability in Puzzle Liima. Liima before 1.17.28 allows server-side template injection. | 9.8 |
2022-12-14 | CVE-2022-23504 | Expression Language Injection vulnerability in Typo3. TYPO3 is an open source PHP based web content management system. | 4.9 |
2022-07-12 | CVE-2022-34466 | Expression Language Injection vulnerability in Mendix. A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). | 6.5 |
2022-06-23 | CVE-2022-22980 | Expression Language Injection vulnerability in VMware Spring Data MongoDB. A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. | 9.8 |