hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update MvelInjection.qhelp

Browse Source 
Minor tweaks
This commit is contained in:
mc
2021-07-29 11:30:19 +01:00
committed by GitHub
parent 68df8028d2
commit 8f1fc9e893
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
java/ql/src/Security/CWE/CWE-094/MvelInjection.qhelp
View File

@@ -3,11 +3,11 @@
<overview>
<p>
MVEL is an expression language based on Java-syntax.
The language offers many features
MVEL is an expression language based on Java-syntax,
which offers many features
including invocation of methods available in the JVM.
If a MVEL expression is built using attacker-controlled data,
and then evaluated, then it may allow the attacker to run arbitrary code.
and then evaluated, then it may allow attackers to run arbitrary code.
</p>
</overview>
@@ -35,4 +35,4 @@ and then runs it in the default powerfull context.
<a href="https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection">Expression Language Injection</a>.
</li>
</references>
</qhelp>
</qhelp>