This repository was archived by the owner on Mar 8, 2019. It is now read-only.

whitelabel error page vulnerability #43

@girtsn

Hello.
There is a SpEL injection problem (would consider it a vulnerability) with the whitelabel error page.
If encountering an error message that shows the used value (e.g. type conversion between a string and a boolean) and the used value contains a SpEL expression, it will be evaluated server side.
I know, the recommendation is to disable the whitelabel, but I suppose this should still get fixed.
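
The failure mode reported above, as an added example that is not part of the original issue or the project's code: an error template whose rendered output is scanned for placeholders again, so placeholder syntax inside the echoed value is evaluated, next to a single-pass renderer that treats the value as escaped data. Assumptions: the re-scan is one way such a page can end up evaluating user input, `evaluate` is a stand-in that only looks names up in the model (no real SpEL parser), and every class, method and model name is hypothetical with constructed sample values.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ErrorPageRendering {
    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]*)\\}");

    // Stand-in for the expression evaluator (assumption): a plain model lookup.
    static String evaluate(String expr, Map<String, String> model) {
        return model.getOrDefault(expr, "");
    }

    // Vulnerable pattern: the output is scanned again, so placeholder syntax
    // that arrived inside a substituted value is evaluated as well.
    static String renderRecursive(String template, Map<String, String> model) {
        String out = template;
        for (int i = 0; i < 10 && PLACEHOLDER.matcher(out).find(); i++) {
            out = substituteOnce(out, model, false);
        }
        return out;
    }

    // Hardened pattern: one pass over the template only; values are
    // HTML-escaped and never inspected for placeholders.
    static String renderOnce(String template, Map<String, String> model) {
        return substituteOnce(template, model, true);
    }

    private static String substituteOnce(String text, Map<String, String> model, boolean escape) {
        Matcher m = PLACEHOLDER.matcher(text);
        StringBuilder sb = new StringBuilder();
        while (m.find()) {
            String value = evaluate(m.group(1), model);
            m.appendReplacement(sb, Matcher.quoteReplacement(escape ? htmlEscape(value) : value));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    static String htmlEscape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) {
        // Constructed sample: the message echoes a request value containing a placeholder.
        Map<String, String> model = Map.of(
                "message", "Failed to convert value '${internalSetting}' to boolean",
                "internalSetting", "constructed-internal-value");
        String template = "<p>Error: ${message}</p>";
        System.out.println("recursive:   " + renderRecursive(template, model));
        System.out.println("single pass: " + renderOnce(template, model));
    }
}
```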
