Homepage
About Snyk

org.glassfish:javax.el@3.0.1-b11 vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.glassfish:javax.el package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation. A bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.

The bug seems to be in the parser’s grammar - $ or # followed by a character that is not {, $ or # will be treated as a literal expression. The pertinent case is when the character following the $ or # chars is a backslash. The parser will then consume the backslash as part of the literal expression and will leave the character that follows it unescaped.

Note: org.glassfish:javax.el is deprecated, users can move to use org.glassfish:jakarta.el instead where this issue is first fixed in version 3.0.4.

How to fix Improper Input Validation?

There is no fixed version for org.glassfish:javax.el.

[0,)
Go back to all versions of this package