Vulnerabilities > Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-12 | CVE-2023-41331 | Expression Language Injection vulnerability in Sofastack Sofarpc SOFARPC is a Java RPC framework. | 9.8 |
| 2023-07-18 | CVE-2022-4146 | Expression Language Injection vulnerability in Hitachi Replication Manager Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02. | 9.8 |
| 2023-07-12 | CVE-2022-42009 | Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. | 8.8 |
| 2023-07-12 | CVE-2022-45855 | Expression Language Injection vulnerability in Apache Ambari SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7. | 8.8 |
| 2023-07-12 | CVE-2023-32200 | Expression Language Injection vulnerability in Apache Jena There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. | 8.8 |
| 2023-04-25 | CVE-2023-22665 | Expression Language Injection vulnerability in Apache Jena There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. | 5.4 |
| 2023-04-13 | CVE-2023-20863 | Expression Language Injection vulnerability in VMWare Spring Framework In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 6.5 |
| 2023-02-20 | CVE-2023-26092 | Expression Language Injection vulnerability in Puzzle Liima Liima before 1.17.28 allows server-side template injection. | 9.8 |
| 2022-12-14 | CVE-2022-23504 | TYPO3 is an open source PHP based web content management system. | 4.9 |
| 2022-09-24 | CVE-2022-23463 | Expression Language Injection vulnerability in Nepxion Discovery Nepxion Discovery is a solution for Spring Cloud. | 9.8 |