...
| Excerpt |
|---|
Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to remote code execution - same as S2-061 (CVE-2020-17530). |
Who should read this | All Struts 2 developers and users |
|---|---|
Impact of vulnerability | Possible Remote Code Execution vulnerability |
Maximum security rating | Important |
Recommendation | Upgrade to Struts 2.5.30 or greater |
Affected Software | Struts 2.0.0 - Struts 2.5.29 |
Reporters | Chris McCown - 0xchrismccown at gmail dot com |
CVE Identifier | CVE-2021-31805 |
...