This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-032

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

It is possible to pass a malicious expression which can be used to execute arbitrary code on server side when Dynamic Method Invocation is enabled.

Solution

Upgrade Disable Dynamic Method Invocation when possible, if not upgrade to Apache Struts to version versions 2.3.20.2, 2.3.24.2 or 2.3.28.1.

...