Lucene search
K

7 matches found

Github Security Blog
Github Security Blog
added 2022/04/13 12:0 a.m.71 views

Expression Language Injection in Apache Struts

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS2.1AI score0.95922EPSS
Exploits16References6Affected Software1
NVD
NVD
added 2022/04/12 4:15 p.m.41 views

CVE-2021-31805

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...

9.8CVSS0.95922EPSS
Exploits16References4
Github Security Blog
Github Security Blog
added 2022/02/09 10:51 p.m.93 views

Remote code execution in Apache Struts

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...

9.8CVSS9.4AI score0.95922EPSS
Exploits11References14Affected Software1
Saint
Saint
added 2021/02/03 12:0 a.m.125 views

Apache Struts forced OGNL evaluation

Added: 02/03/2021 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts uses Object-Graph Navigation Language OGNL to...

8.3AI score
Exploits0
Prion
Prion
added 2020/12/11 2:15 a.m.45 views

Remote code execution

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25...

7.5CVSS9.5AI score0.95922EPSS
Exploits11References11Affected Software8
Cvelist
Cvelist
added 2020/12/11 1:11 a.m.31 views

CVE-2020-17530

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25...

9.7AI score0.95922EPSS
Exploits11References11
ATTACKERKB
ATTACKERKB
added 2020/12/11 12:0 a.m.165 views

CVE-2020-17530

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 – Struts 2.5.25. Recent assessments: wvu-r7 at December 08, 2020 6:53pm UTC reported: See my assessment on CVE-2019-0230. Apache themselves said...

9.8CVSS10AI score0.97399EPSS
In wildExploits28References13
Rows per page
Query Builder