Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework

RSS Feed HIGH

GHSA-wv88-pf73-x22p CVE-2011-2730

Description:

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection."

Affected Packages

Ecosystem	Package	Vulnerable Versions	Patched Version
maven	`org.springframework:spring-core`	`>= 2.5.7.SR0, <= 2.5.7.SR022` `<= 2.5.6.SEC02` `>= 3.0.0, < 3.0.6`	`2.5.7.SR023`

Related Dependabot Pull Requests

All Open Closed Merged

No Related Pull Requests

No Dependabot pull requests have been found that reference this security advisory.

Actions

View on GitHub All Advisories

Advisory Details

Published:	May 17, 2022 about 4 years ago
Updated:	June 18, 2026 about 19 hours ago
EPSS:	47.61% 98th percentile
Source:	Github
Classification:	GENERAL
UUID:	`GSA_kwCzR0hTQS13djg4LXBmNzMteDIycM4AAa4I`

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot