Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upCodeQL query to detect Unified EL injections #71
Closed
Labels
Comments
|
Hi @ggolawski , Thanks for the submission! We have reviewed your report and validated your findings. After internally assessing the findings and the query we have determined this query does not catch any true positive and is therefore not eligible for a reward under the Bug Bounty program. Looking forward to your next submissions! Best regards and happy hacking! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE ID(s)
There's no CVE for this.
Report
I created a query to detect Unified EL (
javax.el) injections in Java code. The query raises a flag if user-provided expression is evaluated.ExpressionFactory.createValueExpression,ExpressionFactory.createMethodExpressionandELProcessorare supported.The details are present in PR: github/codeql#3323