It is possible to bypass token validation and perform a CSRF attack
Who should read this
All Struts 2 developers and users
Impact of vulnerability
Possible CSRF attack
Maximum security rating
Upgrade to Struts 2.3.29.
Struts 2.3.20 - Struts 22.214.171.124
Takeshi Terada websec02 dot g02 at gmail.com
It is possible to pass a malicious expression which can be used to bypass token validation and perform a CSRF attack.