Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Remote Code Execution
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: mature
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): [2.3.0, 2.3.35), [2.5.0, 2.5.17)
- Vulnerable Path: null
Overview
org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language.
Affected versions of this package are vulnerable to Remote Code Execution. When the namespace value is not set for a result defined in the underlying XML configuration and, at the same time, its upper action(s) configurations have no namespace or a wildcard namespace, an attacker may be able to conduct a remote code execution attack. The same is possible when a url tag is used without a value and action set and, at the same time, its upper action(s) configurations have no namespace or a wildcard namespace.
Snyk Project Status: Active