Security researcher Peter H, aka ‘pmnh’, said the attack used Spring Expression Language (SpEL) injection. The bounty hunter found the bypass with the assistance of Synack pentester Usman Mansha during an engagement with a private Bugcrowd program.