Possible expression language (EL) injection detected
Last updated
Last updated
Rule ID: java_lang_expression_language_injection
Applicable Languages: Java
Weakness ID: CWE-917
Expression Language (EL) injection vulnerabilities arise when unvalidated external input is incorporated into EL statements. This can lead to the inadvertent execution of malicious code.
Always validate all external input or dynamic values before incorporating them into EL statements. This is essential to mitigate the risk of EL injection attacks.
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our