AttackerKB AKB:CF76EF1F-CB59-4A29-ADB1-DA37C695142B
History: Dec 11, 2020 - 12:00 a.m.

CVE-2020-17530

2020-12-11 00:00:00
attackerkb.com
148
apache struts
forced ognl evaluation
remote code execution
cve-2020-17530

EPSS: 0.973

Percentile: 99.9%

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 – Struts 2.5.25.

Recent assessments:

wvu-r7 at December 08, 2020 6:53pm UTC reported:

See my assessment on CVE-2019-0230. Apache themselves said this is similar to S2-059.

Assessed Attacker Value: 5
Assessed Attacker Value: 2