...
```
<@s.hidden name="redirectUri" value=redirectUri />
<@s.hidden name="redirectUri" value="${redirectUri}" />
<@s.hidden name="${redirectUri}"/>
```
In all three cases a writable property (one with a setter, so it can be populated from request parameters) is placed in the tag attribute, and the resulting string is treated as an expression rather than as a literal. Using the Struts expression syntax (`%{...}`) instead is safe:
```
<@s.hidden name="redirectUri" value="%{redirectUri}" />
<@s.hidden name="%{redirectUri}"/>
```
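To make the difference between the two forms concrete, here is an added example; it is not part of this bulletin or of the Struts or Freemarker code bases. It renders the tags above with the real Freemarker engine (using a stand-in `hidden` macro in place of `<@s.hidden>`, which needs a running Struts stack) and then applies a deliberately minimal stand-in for the tag's attribute evaluation: it resolves a single `%{...}`/`${...}` lookup against a map, where the real tag would hand the string to OGNL. The class `TagAttributeEvaluationDemo`, the methods `renderTag` and `strutsEvaluate`, and the `redirectUri`/`secret` request data are all constructed for this example.

```java
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/*
 * Added example, not Struts or Freemarker project code. Models the two-stage
 * evaluation behind the bulletin: Freemarker renders the template first, then
 * the tag evaluates the attribute string it received. Stage one is real
 * Freemarker; stage two is a simplified stand-in (assumption: it only resolves
 * one %{...}/${...} lookup against a value stack, whereas real OGNL would
 * execute arbitrary expressions).
 */
public class TagAttributeEvaluationDemo {

    // Stand-in for <@s.hidden>: echoes the attribute strings it was handed as "name|value".
    private static final String MACRO =
        "<#macro hidden name value=''>${name}|${value}</#macro>";

    private static final Pattern EXPR = Pattern.compile("^[%$]\\{(.+)\\}$");

    /** Stage one: Freemarker renders the tag with the given model (request data). */
    static String renderTag(String tagSource, Map<String, Object> model)
            throws IOException, TemplateException {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_23);
        Template t = new Template("tag", new StringReader(MACRO + tagSource), cfg);
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    /** Stage two (simplified): the tag evaluates the attribute string against the value stack. */
    static String strutsEvaluate(String attribute, Map<String, Object> valueStack) {
        Matcher m = EXPR.matcher(attribute);
        if (!m.matches()) {
            return attribute;               // plain string, used as-is
        }
        String expression = m.group(1);     // with real OGNL this could be any expression
        Object result = valueStack.get(expression);
        return result == null ? "<unresolved: " + expression + ">" : result.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed request data: the attacker controls the redirectUri parameter
        // and submits an expression instead of a URI.
        Map<String, Object> model = new HashMap<>();
        model.put("redirectUri", "${secret}");
        model.put("secret", "value only the server should see");

        String[] variants = {
            "<@hidden name='redirectUri' value=redirectUri />",       // vulnerable
            "<@hidden name='redirectUri' value='${redirectUri}' />",  // vulnerable
            "<@hidden name='${redirectUri}' />",                      // vulnerable (name attribute)
            "<@hidden name='redirectUri' value='%{redirectUri}' />",  // safe
            "<@hidden name='%{redirectUri}' />",                      // safe
        };
        for (String v : variants) {
            String[] attrs = renderTag(v, model).split("\\|", -1);
            System.out.println(v);
            System.out.println("  after Freemarker : name=" + attrs[0] + " value=" + attrs[1]);
            System.out.println("  after tag eval   : name=" + strutsEvaluate(attrs[0], model)
                             + " value=" + strutsEvaluate(attrs[1], model));
        }
    }
}
```

Compile and run with the Freemarker jar on the classpath. In the vulnerable variants Freemarker substitutes the request value first, so the tag receives the attacker's `${secret}` text and the second stage resolves it, printing the secret. In the `%{...}` variants Freemarker leaves the literal untouched, the tag receives the fixed expression `%{redirectUri}` written by the developer, and the second stage returns the request value as plain data, so the output is the literal text `${secret}` and nothing further is evaluated.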
Solution
Do not use such constructions in your code, or initialise the value attribute only from read-only properties (properties with a getter and no setter, which cannot be populated from request parameters). Alternatively, upgrade to Apache Struts 2.5.12 or 2.3.34, which ship a more restrictive Freemarker configuration; removing the vulnerable constructions is still preferable.
...