Statements (14)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:CEO
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-23
|
| gptkbp:category |
Injection
|
| gptkbp:difficulty |
gptkb:High
|
| gptkbp:example |
An attacker can inject a malicious expression that alters the application's behavior.
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-887
|
| gptkbp:impact |
Allows attackers to execute arbitrary code.
|
| gptkbp:is_described_as |
CWE-887 refers to the injection of malicious expressions into an application that uses expression languages.
|
| gptkbp:is_protected_by |
Input validation and sanitization.
|
| gptkbp:name |
Expression Language Injection
|
| gptkbp:related_to |
gptkb:CWE-74
gptkb:CWE-89 gptkb:CWE-20 |