...
Who should read this | All Struts 2 developers and users |
|---|---|
Impact of vulnerability | Permissions, Privileges, and Access Controls |
Maximum security rating | Important |
Recommendation | Developers should immediately upgrade to Struts 2.3.15.2 |
Affected Software | Struts 2.0.0 - Struts 2.3.15.1 |
Reporter | Zhangyan (L), Huawei PSIRT |
CVE Identifier |
Problem
The Struts 2 DefaultActionMapper used to support a method for short-circuit navigation state changes by prefixing parameters with "action:". This mechanism was intended to help with attaching navigational information to buttons within forms.
...