Lucene search

K
osvGoogleOSV:GHSA-38QW-J787-V8C2
HistoryMay 17, 2022 - 12:29 a.m.

Apache Struts CSRF Vulnerability

2022-05-1700:29:27
Google
osv.dev
7
apache struts
csrf
vulnerability
cross-site request forgery
token validation

EPSS

0.004

Percentile

75.2%

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

EPSS

0.004

Percentile

75.2%