redhatcve | Redhat.com | RH:CVE-2019-0230
History: Aug 18, 2020 - 7:29 p.m.

CVE-2019-0230

2020-08-18 19:29:30
redhat.com
access.redhat.com
apache struts
remote code execution
data confidentiality

EPSS: 0.95 (percentile: 99.4%)

A flaw was found in Apache Struts frameworks. When forced, Struts 2 performs double evaluation of the values assigned to certain tag attributes, such as ID, so it is possible to pass a value that is evaluated again when the tag's attributes are rendered. With a carefully crafted request, this can lead to Remote Code Execution (RCE). The largest threat from this vulnerability is to data confidentiality and integrity as well as system availability.