Detecting Jakarta Expression Language injections with CodeQL
How to use CodeQL to find EL injections and fix them
Apr 14, 2021
Recently I wrote a post about detecting JEXL injections with CodeQL. JEXL is a library that provides an interpreter for a simple expression language (EL). This time, I’ll talk about injections with Jakarta Expression Language, and how they can be found with CodeQL.