Hacker News
by mthomas 4894 days ago
There is no information in that article except generic language about injection.

I believe this is the actual advisory: http://www.mindedsecurity.com/fileshare/ExpressionLanguageIn...

It appears that Spring double-evaluates the expressions, so you can send a request param that is an EL expression that references values present in the server environment.
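
A toy model of the double evaluation described in the comment above, added here as an illustration; it is not Spring code and not part of the original comment. The `${name}` mini-evaluator, the scope names and the values are constructed assumptions.

```python
import re

# Matches ${name} placeholders; a toy stand-in for an expression language.
_EL = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_.]*)\}")


def evaluate(template, scope):
    """Resolve each ${name} once against scope; unknown names become ''."""
    return _EL.sub(lambda m: str(scope.get(m.group(1), "")), template)


def render_double(attribute, scope):
    """Flawed: the output of the first pass is evaluated again as an expression."""
    return evaluate(evaluate(attribute, scope), scope)


def render_single(attribute, scope):
    """Corrected: evaluate once, so resolved values are treated as plain data."""
    return evaluate(attribute, scope)


def build_scope(request_params):
    """Build the evaluation scope from server values plus request parameters."""
    # Constructed server-side value; the name is hypothetical.
    scope = {"app.dbPassword": "s3cr3t-constructed"}
    # Request parameters are exposed under a 'param.' prefix.
    scope.update({"param." + k: v for k, v in request_params.items()})
    return scope


if __name__ == "__main__":
    # Constructed request: the parameter value is itself an expression.
    scope = build_scope({"msg": "${app.dbPassword}"})
    page_attr = "${param.msg}"  # what the page author wrote in the template
    print("double:", render_double(page_attr, scope))
    print("single:", render_single(page_attr, scope))
```

With a single pass the parameter value stays literal text; only the second pass turns request data into an expression that reads from the server-side scope.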