In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
References:
https://github.com/eclipse-ee4j/el-ri/issues/155
https://securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
Created jakarta-el tracking bugs for this issue: Affects: fedora-all [bug 1965500]
This issue has been addressed in the following products: EAP 7.3.9 release Via RHSA-2021:3471 https://access.redhat.com/errata/RHSA-2021:3471
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8 Via RHSA-2021:3468 https://access.redhat.com/errata/RHSA-2021:3468
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6 Via RHSA-2021:3466 https://access.redhat.com/errata/RHSA-2021:3466
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7 Via RHSA-2021:3467 https://access.redhat.com/errata/RHSA-2021:3467
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-28170
This issue has been addressed in the following products: Red Hat EAP-XP 2.0.0 via EAP 7.3.x base Via RHSA-2021:3516 https://access.redhat.com/errata/RHSA-2021:3516
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.9 Via RHSA-2021:3534 https://access.redhat.com/errata/RHSA-2021:3534
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2021:3656 https://access.redhat.com/errata/RHSA-2021:3656
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2021:3658 https://access.redhat.com/errata/RHSA-2021:3658
This issue has been addressed in the following products: EAP 7.4.1 release Via RHSA-2021:3660 https://access.redhat.com/errata/RHSA-2021:3660
This issue has been addressed in the following products: Red Hat Fuse 7.10 Via RHSA-2021:5134 https://access.redhat.com/errata/RHSA-2021:5134
This issue has been addressed in the following products: Red Hat build of Quarkus 2.2.5 Via RHSA-2022:0589 https://access.redhat.com/errata/RHSA-2022:0589
This issue has been addressed in the following products: RHINT Camel-Q 2.2.1 Via RHSA-2022:1013 https://access.redhat.com/errata/RHSA-2022:1013
This issue has been addressed in the following products: RHINT Camel-K 1.6.4 Via RHSA-2022:1029 https://access.redhat.com/errata/RHSA-2022:1029