Spring Boot Whitelabel Error Page SpEL

Description
  • The Spring Expression Language (SpEL) provides a powerful expression language for querying and manipulating an object graph at runtime.

    The Spring Boot framework improperly handled exceptions when preparing Whitelabel Error pages, and user-controlled exception messages were evaluated as SpEL expressions, allowing an attacker to execute arbitrary code.
Remediation
  • Upgrade to the latest version of Spring Boot.
    Spring Boot versions 1.2.8 and 1.3.1 have been released to fix this vulnerability.
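
    To check a build against the fixed releases named above, the following added example (not part of the original advisory or of Spring Boot) classifies Spring Boot artifacts found in Maven- or Gradle-style dependency coordinates. The sample lines are constructed, and the handling of release lines other than 1.2.x and 1.3.x is an assumption, since the advisory names fixed versions only for those two.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
FIXED = {(1, 2): (1, 2, 8), (1, 3): (1, 3, 1)}

# Matches coordinates such as
#   org.springframework.boot:spring-boot:jar:1.2.7.RELEASE:compile  (Maven)
#   org.springframework.boot:spring-boot:1.2.7.RELEASE              (Gradle)
COORD = re.compile(
    r"org\.springframework\.boot:(spring-boot[\w-]*):(?:[\w-]+:)?(\d+)\.(\d+)\.(\d+)"
)

def classify(version):
    """Return 'patched', 'vulnerable' or 'review' for a (major, minor, patch) tuple."""
    line = version[:2]
    if line in FIXED:
        return "patched" if version >= FIXED[line] else "vulnerable"
    # Assumption: release lines newer than the newest fixed line include the fix.
    if line > max(FIXED):
        return "patched"
    # Assumption: the advisory lists no fixed release for older lines,
    # so they are flagged for manual review and upgrade.
    return "review"

def audit(dependency_lines):
    """Return (artifact, version, status) for each Spring Boot artifact found."""
    findings = []
    for text in dependency_lines:
        m = COORD.search(text)
        if not m:
            continue  # not a Spring Boot artifact
        version = tuple(int(part) for part in m.group(2, 3, 4))
        findings.append((m.group(1), ".".join(map(str, version)), classify(version)))
    return findings

# Constructed sample in the style of `mvn dependency:list` output.
SAMPLE = [
    "[INFO]    org.springframework.boot:spring-boot:jar:1.2.7.RELEASE:compile",
    "[INFO]    org.springframework.boot:spring-boot-starter-web:jar:1.3.1.RELEASE:compile",
    "[INFO]    org.springframework.boot:spring-boot-autoconfigure:jar:1.3.0.RELEASE:compile",
    "[INFO]    org.springframework:spring-expression:jar:4.2.4.RELEASE:compile",
    "[INFO]    org.springframework.boot:spring-boot:jar:1.1.12.RELEASE:compile",
]

if __name__ == "__main__":
    for artifact, version, status in audit(SAMPLE):
        print(f"{artifact:30} {version:10} {status}")
```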