CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement
Spring AI's AbstractFilterExpressionConverter fails to properly escape user-controlled input in JSONPath queries, allowing authenticated attackers to inject arbitrary expressions and bypass access controls in vector store implementations. This impacts applications relying on the converter for multi-tenant isolation, role-based access, or metadata-based document filtering, enabling attackers to access unauthorized documents. No patch is currently available.
Wikimedia Foundation MediaWiki - DiscussionTools Extension is affected by improper neutralization of special elements used in an expression language statement.
Critical remote code execution vulnerability in expression language processors that allows unauthenticated attackers to execute arbitrary code with maximum server privileges through improper input neutralization. This is a perfect-score CVSS 10.0 vulnerability affecting expression language engines across multiple frameworks; exploitation requires no authentication, user interaction, or special configuration, making it an immediate priority for any organization using affected technologies.
Apache Log4j2 contains an incomplete fix for Log4Shell (CVE-2021-44228) that allows attackers to bypass the initial patch through Thread Context Map (MDC) input data in non-default configurations, enabling RCE and DoS.
Confluence Server and Data Center contain an OGNL injection vulnerability allowing unauthenticated remote code execution, triggering mass exploitation campaigns for cryptocurrency mining and ransomware in September 2021.
JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to achieve arbitrary code execution via crafted URL parameters when the Java Security Manager is misconfigured.