Child pages
  • S2-053

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
html
html
<@s.hidden name="redirectUri" value=redirectUri />
<@s.hidden name="redirectUri" value="${redirectUri}" />
<@s.hidden name="${redirectUri}"/>

In both cases a writable property is used in the value attribute and in both cases this is threatened as an expression by Freemarker. Please be aware that using Struts expression evaluation style is safe:

Code Block
html
html
<@s.hidden name="redirectUri" value="%{redirectUri}" />
<@s.hidden name="%{redirectUri}"/>

Solution

Do not use such constructions in your code or use read-only properties to initialise the value attribute (property with getter only). You can upgrade to Apache Struts version 2.5.12 or 2.3.34 which contain more restricted Freemarker configuration but removing vulnerable constructions is preferable.

...