Description
Expression Language (EL) Injection happens when attacker-controlled data enters an EL interpreter. With EL implementations prior to 2.2, an attacker can recover sensitive server-side information available through implicit objects. This includes model objects, beans, session scope, application scope, etc. The EL 2.2 spec allows method invocation, which permits an attacker to execute arbitrary code within the context of the application. This can manipulate application functionality, expose sensitive data, and branch out into system code access, posing a risk of server compromise.

A specific pattern exists in certain versions of the Spring Framework, where Spring JSP tags will double resolve EL: the servlet container first resolves an EL expression in a tag attribute, and the Spring tag then evaluates the resulting string as EL a second time, so a request value that reaches such an attribute is interpreted as an expression. In versions prior to 3.0.6, it is not possible to disable this functionality, and the pattern must be avoided.
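The double-resolution pattern and the alternative to use instead, as an added illustration that is not from the original description or from the Spring project; the taglib prefixes, the `param.greeting` request parameter and the `greeting.default` message code are assumed for the example.

```jsp
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Pattern to avoid (Spring prior to 3.0.6): the container resolves
     ${param.greeting} to the raw request parameter string, and the
     Spring tag then evaluates that string as EL a second time. Anything
     a client sends in the parameter is therefore interpreted as an
     expression with access to the page's implicit objects. --%>
<spring:message text="${param.greeting}" />

<%-- Alternative: keep request-derived data out of attributes that Spring
     tags re-evaluate. Look the message up by a fixed code, and render the
     request value once through JSTL, which escapes it for output and does
     not resolve it as EL again. --%>
<spring:message code="greeting.default" />
<c:out value="${param.greeting}" />
```

From Spring 3.0.6 onward the second evaluation can be switched off for the whole application with the `springJspExpressionSupport` context parameter in web.xml set to `false`; on earlier versions the pattern itself has to be removed from every JSP.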