Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Command Injection
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: mature
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): [2.0.0, 2.3.20.2), [2.3.24, 2.3.24.2), [2.3.28, 2.3.28.1)
- Vulnerable Path: null
Overview
org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language.
Affected versions of this package are vulnerable to Command Injection. When Dynamic Method Invocation was enabled, a remote attacker could execute arbitrary code via the prefix method, related to chained expressions.
References
Snyk Project Status: Active
Component Details
- Exploit Maturity: mature
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): [2.0.0, 2.3.20.2), [2.3.24, 2.3.24.2), [2.3.28, 2.3.28.1)
- Vulnerable Path: null
Overview
org.apache.struts.xwork:xwork-core is a generic command pattern framework. It forms the core of Struts 2.
Affected versions of this package are vulnerable to Command Injection. When Dynamic Method Invocation was enabled, a remote attacker could execute arbitrary code via the prefix method, related to chained expressions.
References
Snyk Project Status: Active