CWE-917
AllowedImproper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Abstraction: Base · Status: Incomplete
The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.
170 vulnerabilities reference this CWE, most recent first.
GHSA-RCG9-MH74-F858
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
{
"affected": [],
"aliases": [
"CVE-2020-7143"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
"id": "GHSA-rcg9-mh74-f858",
"modified": "2022-05-24T17:31:15Z",
"published": "2022-05-24T17:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7143"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RGM2-HXQF-7HH2
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
{
"affected": [],
"aliases": [
"CVE-2020-7194"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "HIGH"
},
"details": "A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
"id": "GHSA-rgm2-hxqf-7hh2",
"modified": "2022-05-24T17:31:21Z",
"published": "2022-05-24T17:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7194"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RP9G-QX29-88CP
Vulnerability from github – Published: 2026-03-18 09:30 – Updated: 2026-03-18 20:20A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents.
This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata.
The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.ai:spring-ai-vector-store"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0-M1"
},
{
"fixed": "1.1.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.ai:spring-ai-vector-store"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-22729"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-18T20:20:26Z",
"nvd_published_at": "2026-03-18T08:16:31Z",
"severity": "HIGH"
},
"details": "A JSONPath injection vulnerability in Spring AI\u0027s AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents.\n\nThis vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata.\n\nThe vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like\u00a0\",\u00a0||, and\u00a0\u0026\u0026\u00a0are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.",
"id": "GHSA-rp9g-qx29-88cp",
"modified": "2026-03-18T20:20:26Z",
"published": "2026-03-18T09:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22729"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-ai"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.0.4"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-ai/releases/tag/v1.1.3"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-22729"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "JSONPath Injection in Spring AI Vector Stores FilterExpressionConverter"
}
GHSA-RXGG-WF6C-FF5J
Vulnerability from github – Published: 2026-05-19 12:31 – Updated: 2026-05-19 21:32Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
{
"affected": [],
"aliases": [
"CVE-2026-31380"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T10:16:23Z",
"severity": "MODERATE"
},
"details": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027) vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 24.09.06.\n\nUsers are recommended to upgrade to version 24.09.06, which fixes the issue.",
"id": "GHSA-rxgg-wf6c-ff5j",
"modified": "2026-05-19T21:32:02Z",
"published": "2026-05-19T12:31:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31380"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/v2brvq1tf4q491obkxv8p7fc5qfshc08"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/19/19"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V632-2M87-7469
Vulnerability from github – Published: 2026-05-09 03:31 – Updated: 2026-05-14 13:10Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 or greater.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.ai:spring-ai-milvus-store"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.ai:spring-ai-milvus-store"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.1.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.ai:spring-ai-typesense-store"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.springframework.ai:spring-ai-typesense-store"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41705"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-14T13:10:18Z",
"nvd_published_at": "2026-05-09T01:16:08Z",
"severity": "HIGH"
},
"details": "Spring AI\u0027s MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.\nSpring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 or greater.",
"id": "GHSA-v632-2m87-7469",
"modified": "2026-05-14T13:10:18Z",
"published": "2026-05-09T03:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41705"
},
{
"type": "WEB",
"url": "https://github.com/spring-projects/spring-ai/pull/6011"
},
{
"type": "PACKAGE",
"url": "https://github.com/spring-projects/spring-ai"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-41705"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Spring AI\u0027s MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs"
}
GHSA-V6W3-2PRQ-H95F
Vulnerability from github – Published: 2021-10-06 17:48 – Updated: 2025-07-01 16:13In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.sun.el:el-ri"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.glassfish:jakarta.el"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.glassfish:javax.el"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.1-b12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28170"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-06T13:31:54Z",
"nvd_published_at": "2021-05-26T22:15:00Z",
"severity": "MODERATE"
},
"details": "In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.",
"id": "GHSA-v6w3-2prq-h95f",
"modified": "2025-07-01T16:13:50Z",
"published": "2021-10-06T17:48:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28170"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-ee4j/el-ri/issues/155"
},
{
"type": "WEB",
"url": "https://github.com/eclipse-ee4j/el-ri/pull/160/commits/b6a3943ac5fba71cbc6719f092e319caa747855b"
},
{
"type": "PACKAGE",
"url": "https://github.com/eclipse-ee4j/el-ri"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-1297098"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGGLASSFISH-2841368"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Input Validation in Jakarta Expression Language"
}
GHSA-V8J6-6C2R-R27C
Vulnerability from github – Published: 2022-04-13 00:00 – Updated: 2022-07-27 04:19The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.struts:struts2-core"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.5.30"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-31805"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-22T20:30:35Z",
"nvd_published_at": "2022-04-12T16:15:00Z",
"severity": "CRITICAL"
},
"details": "The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag\u2019s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.",
"id": "GHSA-v8j6-6c2r-r27c",
"modified": "2022-07-27T04:19:48Z",
"published": "2022-04-13T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805"
},
{
"type": "WEB",
"url": "https://cwiki.apache.org/confluence/display/WW/S2-062"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220420-0001"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/04/12/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Expression Language Injection in Apache Struts"
}
GHSA-V9QJ-FJH8-C3G9
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
{
"affected": [],
"aliases": [
"CVE-2020-7147"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "CRITICAL"
},
"details": "A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
"id": "GHSA-v9qj-fjh8-c3g9",
"modified": "2022-05-24T17:31:15Z",
"published": "2022-05-24T17:31:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7147"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VF39-69XH-F6XG
Vulnerability from github – Published: 2022-05-24 17:31 – Updated: 2022-05-24 17:31A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
{
"affected": [],
"aliases": [
"CVE-2020-7192"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-19T18:15:00Z",
"severity": "HIGH"
},
"details": "A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).",
"id": "GHSA-vf39-69xh-f6xg",
"modified": "2022-05-24T17:31:20Z",
"published": "2022-05-24T17:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7192"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbnw04036en_us"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VJQW-R3WW-WJ2W
Vulnerability from github – Published: 2021-06-16 17:18 – Updated: 2021-07-29 16:57A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.syncope:syncope-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1959"
],
"database_specific": {
"cwe_ids": [
"CWE-917"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-25T20:59:03Z",
"nvd_published_at": "2020-05-04T13:15:00Z",
"severity": "CRITICAL"
},
"details": "A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. Apache Syncope uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, they support different types of interpolation, including Java EL expressions. Therefore, if an attacker can inject arbitrary data in the error message template being passed, they will be able to run arbitrary Java code.",
"id": "GHSA-vjqw-r3ww-wj2w",
"modified": "2021-07-29T16:57:05Z",
"published": "2021-06-16T17:18:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1959"
},
{
"type": "WEB",
"url": "http://syncope.apache.org/security"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Expression Language Injection in Apache Syncope"
}
Mitigation
Avoid adding user-controlled data into an expression interpreter when possible.
Mitigation
- If user-controlled data must be added to an expression interpreter, one or more of the following should be performed:
- Validate that the user input will not evaluate as an expression
- Encode the user input in a way that ensures it is not evaluated as an expression
Mitigation
The framework or tooling might allow the developer to disable or deactivate the processing of EL expressions, such as setting the isELIgnored attribute for a JSP page to "true".
No CAPEC attack patterns related to this CWE.