Expression Language Injection
Spring Framework - Java
Input Validation, Syntax Escaping, Secure Design
Vector Operation Method:
Malicious inputs can affect the server-side Spring EL interpreter to execute attacker controlled code in the context of the application. The vulnerability may exists in applications based on Java Spring Framework versions 3.0.0 - 3.0.5, and in Java Spring Applications that make use of programmatic EL syntax evaluation classes.