Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-4QGJ-9MVG-3929
HistoryMay 14, 2022 - 3:15 a.m.

Special top object can be used to access Struts' internals

2022-05-1403:15:08
Google
osv.dev
11
struts
valuestack
regex
security
patch
vulnerability

EPSS

0.003

Percentile

69.9%

JSON

ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts’ internals or can be used to affect container’s settings. Applying better regex which includes pattern to exclude request parameters trying to use top object. This issue was patched in Struts 2.3.24.1.

Related

ibm 7
nvd 1
openvas 2
github 1
cve 1
ubuntucve 1
cvelist 1
prion 1
nessus 1
ibm
ibm
Security Bulletin:A vulnerability in Struts affects the IBM FlashSystem model V840 (CVE-2015-5209)
2018-06-18 00:10:20
Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem models 840 and 900 (CVE-2015-5209)
2023-02-18 01:45:50
Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller and Storwize Family (CVE-2015-5209)
2023-03-29 01:48:02
nvd
nvd
CVE-2015-5209
2017-08-29 15:29:00
openvas
openvas
Apache Struts Security Update (S2-026)
2017-08-31 00:00:00
Apache Struts 'top' Object Access Security Bypass Vulnerability (S2-026) - Linux
2017-08-31 00:00:00
github
github
Special top object can be used to access Struts' internals
2022-05-14 03:15:08
cve
cve
CVE-2015-5209
2017-08-29 15:29:00
ubuntucve
ubuntucve
CVE-2015-5209
2017-08-29 00:00:00
cvelist
cvelist
CVE-2015-5209
2017-08-29 15:00:00
prion
prion
Design/Logic Flaw
2017-08-29 15:29:00
nessus
nessus
Apache Struts 2.x < 2.3.24.1 Multiple Vulnerabilities (S2-026) (S2-027)
2016-02-12 00:00:00

EPSS

0.003

Percentile

69.9%

JSON
Related for OSV:GHSA-4QGJ-9MVG-3929
ibm7nvd1openvas2github1cve1ubuntucve1cvelist1prion1nessus1