Miggo Logo
Miggo Vulnerability Database
CVE-2023-50571

CVE-2023-50571: easy-rules-mvel vulnerable to remote code execution

7.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-50571
GHSA ID
GHSA-fgwc-3j6w-ch22
EPSS Score
0.70468%
CWE
-
Published
12/29/2023
Updated
1/5/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.jeasy:easy-rules-mvelmaven= 4.1.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in methods that process MVEL expressions. Both when() and then() methods accept arbitrary MVEL expressions which are evaluated without proper security controls. MVEL's ability to directly reference and instantiate classes allows attackers to trigger static initialization blocks (as demonstrated with jaz.Zer class). The reproduction examples in GHSA-fgwc-3j6w-ch22 explicitly show RCE achieved through these methods, confirming their role in the vulnerability chain.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**sy-rul*s-mv*l v*.*.* w*s *is*ov*r** to *ont*in * r*mot* *o** *x**ution (R**) vuln*r**ility vi* t** *ompon*nt `mV*LRul*`.

Reasoning

T** vuln*r**ility m*ni**sts in m*t*o*s t**t `pro**ss` MV*L *xpr*ssions. *ot* `w**n()` *n* `t**n()` m*t*o*s ****pt *r*itr*ry MV*L *xpr*ssions w*i** *r* *v*lu*t** wit*out prop*r s**urity *ontrols. MV*L's **ility to *ir**tly r***r*n** *n* inst*nti*t* *l