The Spring Expression Language (SpEL) provides a powerful expression language for querying and manipulating an object graph at runtime.
The Spring Boot framework improperly handled exceptions when preparing Whitelabel Error pages: user-controlled exception messages were evaluated as SpEL expressions, allowing an attacker to execute arbitrary code.
Upgrade to the latest version of Spring Boot.
Spring Boot versions 1.2.8 and 1.3.1 have been released to fix this vulnerability.
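The bug class described above, as an added Java illustration rather than Spring Boot's own code: an error template whose `${...}` placeholders are SpEL expressions, resolved recursively (so text inside the exception message is evaluated too) versus in a single pass (the message stays literal text). It assumes `spring-expression` is on the classpath; `WhitelabelSpelDemo`, `ErrorModel`, `resolve` and the sample message are constructed for this example.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

// Added illustration, not Spring Boot source code.
public class WhitelabelSpelDemo {
    // A placeholder is ${expr}; expr is parsed as SpEL against the error model.
    static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]*)\\}");
    static final ExpressionParser PARSER = new SpelExpressionParser();

    // Hypothetical error model: only the exception message is exposed.
    public static class ErrorModel {
        private final String message;
        public ErrorModel(String message) { this.message = message; }
        public String getMessage() { return message; }
    }

    // recursive = true  : resolved values are scanned for placeholders again,
    //                     so an expression inside the message gets evaluated.
    // recursive = false : resolved values are inserted verbatim (hardened form).
    static String resolve(String text, ErrorModel model, boolean recursive) {
        StandardEvaluationContext ctx = new StandardEvaluationContext(model);
        Matcher m = PLACEHOLDER.matcher(text);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            Object result = PARSER.parseExpression(m.group(1)).getValue(ctx);
            String value = String.valueOf(result);
            if (recursive) {
                value = resolve(value, model, true);
            }
            // quoteReplacement keeps '$' and '\' in the value literal.
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        String template = "<div>${message}</div>";
        // Constructed input: a request-derived message carrying a harmless
        // arithmetic expression, enough to show whether it is evaluated.
        ErrorModel model = new ErrorModel("Invalid id: ${7*7}");
        System.out.println("recursive:   " + resolve(template, model, true));
        System.out.println("single-pass: " + resolve(template, model, false));
    }
}
```

If the recursive line shows the arithmetic result instead of the literal `${7*7}`, request-controlled text is reaching the expression evaluator.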