CVE-2023-51079

Published: Dic 27, 2023 Last Modified: Nov 21, 2024
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: low

Description

AI Translation Available

A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because 'the only thing that you could expect is that the parser will take a crazy amount of time to complete its task.'

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0009
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

Application

Mvel by Mvel

Product Information
Vendor Mvel
Product Mvel
Version 2.5.0
cpe:2.3:a:mvel:mvel:2.5.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/mvel/mvel/issues/348
Exploit Issue Tracking Third Party Advisory
https://github.com/mvel/mvel/issues/348
https://github.com/mvel/mvel/issues/348#issuecomment-187404…
https://github.com/mvel/mvel/issues/348#issuecomment-1874047271
https://github.com/mvel/mvel/issues/348
Exploit Issue Tracking Third Party Advisory
https://github.com/mvel/mvel/issues/348
https://github.com/mvel/mvel/issues/348#issuecomment-187404…
https://github.com/mvel/mvel/issues/348#issuecomment-1874047271