Tag
spel-injection
Safeguard articles tagged "spel-injection" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Spring Cloud Function SpEL injection RCE (CVE-2022-22963)
CVE-2022-22963 lets attackers RCE unpatched Spring Cloud Function apps via one SpEL header. CVSS 9.8. Here's the fix, fast.
Dec 24, 20258 min read
Vulnerability Analysis
CVE-2016-4977: Remote code execution in Spring Security O...
CVE-2016-4977 let attackers achieve remote code execution against Spring Security OAuth's whitelabel views via SpEL injection. Here's what shipped, why, and how to fix it.
Sep 21, 20258 min read