CVE-2021-28170
Published 2021-05-26
Medium 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | jakarta-el-api | — | — |
| eclipse | jakarta_expression_language | <= 3.0.3 | — |
| oracle | communications_cloud_native_core_policy | — | — |
| oracle | weblogic_server | — | — |
| quarkus | quarkus | < 2.3.0 | 2.3.0 |
| the_eclipse_foundation | jakarta_expression_language_implementation | unspecified – 3.0.3 | — |
CVSS provenance
nvd v3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv 5.3 MEDIUM