Vulnerabilities > Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-20 | CVE-2020-15146 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle. In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 8.8 |
2020-08-20 | CVE-2020-15143 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle. In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 8.8 |
2020-07-14 | CVE-2020-9297 | Expression Language Injection vulnerability in Netflix Titus. Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. | 9.8 |
2020-06-16 | CVE-2020-9296 | Expression Language Injection vulnerability in Netflix Conductor. Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. | 9.8 |
2020-05-20 | CVE-2020-3956 | Expression Language Injection vulnerability in VMWare Vcloud Director. VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. | 8.8 |
2020-05-04 | CVE-2020-1959 | Expression Language Injection vulnerability in Apache Syncope. A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. | 9.8 |
2020-04-01 | CVE-2020-10199 | Expression Language Injection vulnerability in Sonatype Nexus. Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | 8.8 |
2020-01-28 | CVE-2020-7799 | Expression Language Injection vulnerability in Fusionauth. An issue was discovered in FusionAuth before 1.11.0. | 7.2 |
2020-01-15 | CVE-2019-16469 | Expression Language Injection vulnerability in Adobe Experience Manager. Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. | 7.5 |
2019-06-14 | CVE-2019-12822 | Expression Language Injection vulnerability in Embedthis Goahead. In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | 7.5 |