MVEL 2.5.0.Final: Slow ParseTools.subCompileExpression due to Java Class Lookup
CVE-2023-51079 Published on December 27, 2023

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task."

NVD

Products Associated with CVE-2023-51079

Want to know whenever a new CVE is published for Mvel? stack.watch will email you.

Mvel

Exploit Probability

EPSS

0.14%

Percentile

33.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

MVEL 2.5.0.Final: Slow ParseTools.subCompileExpression due to Java Class LookupCVE-2023-51079 Published on December 27, 2023

Products Associated with CVE-2023-51079

Exploit Probability

MVEL 2.5.0.Final: Slow ParseTools.subCompileExpression due to Java Class Lookup
CVE-2023-51079 Published on December 27, 2023