Findings for SCA, Critical, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Remote Code Execution (RCE)
Created by: armorcodegithubpreprod[bot]
Findings for SCA, Critical, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Remote Code Execution (RCE)
Component Details
- Exploit Maturity: proof-of-concept
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >[2.0.0, 2.5.26)
- Vulnerable Path: >null
Overview
org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). The vulnerability exists due to improper input validation when processing certain tag's attributes. The application performs double evaluation of the code if a developer applied forced OGNL evaluation by using the %{...} syntax. A remote attacker can send a specially crafted request to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
References
Snyk Project Status: Active
Component Details
- Exploit Maturity: mature
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): >[2.0.0, 2.5.22)
- Vulnerable Path: >null
Overview
org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language.
Affected versions of this package are vulnerable to Remote Code Execution (RCE). Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
References
Snyk Project Status: Active