{"id":"CVE-2021-28170","details":"In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.","aliases":["GHSA-v6w3-2prq-h95f"],"modified":"2026-05-15T12:04:37.408317631Z","published":"2021-05-26T22:15:07.980Z","database_specific":{"unresolved_ranges":[{"vendor_product":"eclipse:jakarta_expression_language","source":"CPE_FIELD","extracted_events":[{"last_affected":"3.0.3"}],"cpes":["cpe:2.3:a:eclipse:jakarta_expression_language:*:*:*:*:*:*:*:*"]},{"vendor_product":"oracle:communications_cloud_native_core_policy","source":"CPE_FIELD","extracted_events":[{"last_affected":"1.14.0"}],"cpes":["cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*"]},{"vendor_product":"oracle:weblogic_server","source":"CPE_FIELD","extracted_events":[{"last_affected":"14.1.1.0.0"}],"cpes":["cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"]}]},"references":[{"type":"REPORT","url":"https://github.com/eclipse-ee4j/el-ri/issues/155"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"EVIDENCE","url":"https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}