struts2-core is vulnerable to remote code execution (RCE). The vulnerability is a forced double OGNL evaluation: a tag attribute written as an OGNL expression is evaluated once by the tag, and the resulting string is then evaluated a second time when the tag's template renders it, in this case through the ${itemValue} expression in simple/radiomap.ftl. If the value produced by the first pass contains raw user input, an attacker can place an OGNL expression in that input and have the second pass evaluate it. The issue is tracked by the Struts project as S2-059 and was addressed in the 2.5.22 release; see the advisory, version notes and fix commit referenced below.
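The following is an added toy model of the double-evaluation pattern described above; it is not Struts code and not OGNL. `%{name}` is a stand-in for an OGNL expression resolved against a value stack (a plain dict here), the "vulnerable" renderer evaluates an attribute and then evaluates its result again, and the "fixed" renderer evaluates once and emits the result as a literal. The tag, attribute and stack names (`skillName`, `dbPassword`) and the sample values are constructed for the example.

```python
import html
import re

# Toy stand-in for OGNL expressions: %{name} resolves `name` against a value stack
# (a plain dict here). Real OGNL can call methods and reach far more than a dict;
# this model only looks up names, which is enough to show how a second evaluation
# pass hands user-controlled text to the expression language.
EXPR = re.compile(r"%\{([^}]*)\}")


def eval_once(text, stack):
    """Resolve every %{...} in `text` against `stack`; unknown names resolve to ''."""
    return EXPR.sub(lambda m: str(stack.get(m.group(1).strip(), "")), text)


def render_vulnerable(attr_value, stack):
    """Forced double evaluation (the S2-059 pattern, modelled):
    pass 1: the tag evaluates the attribute expression;
    pass 2: the template evaluates the *result* of pass 1 again.
    If pass 1 yields raw user input, that input is now treated as an expression."""
    first = eval_once(attr_value, stack)
    second = eval_once(first, stack)
    return f'<input type="radio" id="{second}">'


def render_fixed(attr_value, stack):
    """Single evaluation: the attribute is evaluated exactly once and the result is
    emitted as a literal (HTML-escaped), never fed back into the expression language."""
    once = eval_once(attr_value, stack)
    return f'<input type="radio" id="{html.escape(once, quote=True)}">'


def demo():
    # Constructed sample: `skillName` arrived as a request parameter and carries an
    # expression; `dbPassword` stands for anything else reachable on the value stack.
    stack = {"skillName": "%{dbPassword}", "dbPassword": "hunter2"}
    attr = "%{skillName}"  # the developer's own, legitimate forced-OGNL attribute
    return render_vulnerable(attr, stack), render_fixed(attr, stack)


if __name__ == "__main__":
    vuln, fixed = demo()
    print("vulnerable:", vuln)  # the user-supplied expression was evaluated
    print("fixed:     ", fixed)  # the user-supplied text stays literal
```

The attribute `%{skillName}` is legitimate developer code; the bug is only that its result, which is attacker-controlled, goes through the evaluator a second time. The practical check this suggests for an audit is the same one the advisory implies: find tag attributes whose forced OGNL value resolves to request-derived data, and confirm the templates that render them do not evaluate the value again.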
References:
packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
cwiki.apache.org/confluence/display/WW/S2-059
cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.22
github.com/apache/struts/commit/873ca8fa203b7066cbae3333aeb688887df5d16c
launchpad.support.sap.com/#/notes/2982840
lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E
www.mail-archive.com/[email protected]/msg06037.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpujan2021.html
www.oracle.com/security-alerts/cpuoct2021.html