WebLogic Improper Neutralization of Special Elements used in an Expression Language Statement (Expression La Vulnerability - CVE-2021-28170
Reference:
CVE-2021-28170
Title:
WebLogic Improper Neutralization of Special Elements used in an Expression Language Statement (Expression La Vulnerability
Overview:
In the Jakarta Expression Language implementation 3.0.3 and earlier a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.