ELParserTokenManager Bug Allows Evaluation of Invalid EL Expressions in Jakarta Expression Language Implementation 3.0.3 and Earlier

CVE-2021-28170 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
