...
Who should read this | All Struts 2 developers |
|---|---|
Impact of vulnerability | Remote command execution and arbitrary file overwrite, Strict DMI does not work correctly |
Maximum security rating | Critical |
Recommendation | Developers should immediately upgrade to Struts 2.3.1.1 or read the following solution instructions carefully for a configuration change to mitigate the vulnerability |
Affected Software | Struts 2.1.0 - Struts 2.3.1 |
Original JIRA Ticket | |
Reporter | Johannes Dahse, SEC Consult Vulnerability Lab and Bruce Phillips (blog post) |
CVE Identifier |
|
Original Description | Reported directly to security@struts.a.o and Struts 2 Security Vulnerability - Dynamic Method Invocation |
...