[ https://issues.apache.org/jira/browse/JEXL-223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15980988#comment-15980988 ]
Sebb commented on JEXL-223:
---------------------------

Maybe the docs should make it clearer that JEXL does not (and cannot in general) sanitise user input.
The control methods noted above should also be described.
This could be a new section on the home page.

> Apache Commons JEXL Expression Execute Command Vulnerability
> ------------------------------------------------------------
>
> Key: JEXL-223
> URL: https://issues.apache.org/jira/browse/JEXL-223
> Project: Commons JEXL
> Issue Type: Bug
> Reporter: cnbird
> Priority: Critical
>
> 0x01 Summary
> Apache Commons JEXL Expression Execute Command Vulnerability through groovy.
> 0x02 POC
> POC Report to Apache Security Email Address secur...@apache.org.