PT-2023-31756 · Mvel2 · Mvel2

Poppingsnack · Published 2023-12-27 · Updated 2024-08-02 · CVE-2023-51079

CVSS v3.1

5.3 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

mvel2 version 2.5.0 Final

Description

A TimeOut error exists in the ParseTools.subCompileExpression method due to many Java class lookups, potentially causing a long execution time. The vendor disputes the significance of this issue, stating that the only expected consequence is a significant delay in the parser completing its task.

Recommendations

For mvel2 version 2.5.0 Final, consider applying optimization techniques to reduce the number of Java class lookups in the ParseTools.subCompileExpression method to mitigate the risk of a TimeOut error. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2023-51079
GHSA-H63J-XQX6-W58R

Affected Products

Mvel2