Lucene search

K
osvGoogleOSV:GHSA-WP4H-PVGW-5727
HistoryDec 02, 2021 - 2:50 p.m.

Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts

2021-12-0214:50:51
Google
osv.dev
58
apache struts
remote code execution
software security

EPSS

0.95

Percentile

99.4%

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.