You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm following mvel/mvel#348 closely. At the moment, I'm assigning this low-priority because the Smooks codebase doesn't directly call anywhere ParseTools.subCompileExpression. Apart from this, there doesn't seem to be consensus among the MVEL maintainers whether this is a security issue. Having said this, we might need to have a broader discussion on how Smooks should handle unexpected large payloads.
The mvel dependecy
in version
2.5.1.Final
has a security issue (CVE-2023-51079)As of now, there seems to be no updated version of mvel available:
mvel/mvel#348
The text was updated successfully, but these errors were encountered: