Vulnerabilities > Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-03 | CVE-2022-22947 | Expression Language Injection vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | 10.0 |
| 2021-12-14 | CVE-2021-45046 | Expression Language Injection vulnerability in multiple products It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. | 9.0 |
| 2021-09-09 | CVE-2021-32834 | Expression Language Injection vulnerability in Eclipse Keti Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). | 6.5 |
| 2021-08-30 | CVE-2021-26084 | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |
| 2021-07-31 | CVE-2020-26565 | Expression Language Injection vulnerability in Objectplanet Opinio ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. | 5.0 |
| 2021-05-26 | CVE-2021-28170 | Expression Language Injection vulnerability in multiple products In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | 5.0 |
| 2020-12-11 | CVE-2020-17530 | Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 7.5 |
| 2020-11-26 | CVE-2020-7779 | Expression Language Injection vulnerability in Djvalidator Project Djvalidator All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!. | 5.0 |
| 2020-10-19 | CVE-2020-7195 | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |
| 2020-10-19 | CVE-2020-7194 | Expression Language Injection vulnerability in HP Intelligent Management Center A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.0 |