The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Struts
APPApache2.3.12.3.1.12.3.1.22.3.122.3.142.3.14.12.3.14.22.3.14.32.3.152.3.15.12.3.15.22.3.15.32.3.162.3.16.12.3.16.2+ 18 więcej
CISA KEV — detailsi
- Vendori
- Apache ↗
- Producti
- Struts 1
- Added to KEVi
- February 10, 2022
- Remediation deadline (US Federal)i
- August 10, 2022(overdue)
Apply updates per vendor instructions.
The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Related vulnerabilities
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution....
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect ex...
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressio...
Apache Struts: RCE przez podatność path traversal przy upload plików