Expression injection (EL / SpEL / OGNL)

TL;DR: Server-side template-language sinks that execute attacker-supplied input. SpEL and OGNL are the canonical Java versions.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

  • TODO