Lucene search

K
cvelistApacheCVELIST:CVE-2019-0230
HistorySep 14, 2020 - 4:41 p.m.

CVE-2019-0230

2020-09-1416:41:27
apache
www.cve.org
9
apache struts
remote code execution
cve-2019-0230
ognl evaluation
tag attributes

AI Score

9.7

Confidence

High

EPSS

0.95

Percentile

99.4%

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

CNA Affected

[
  {
    "product": "Apache Struts",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Struts 2.0.0 to 2.5.20"
      }
    ]
  }
]