Findings for SCA, Critical, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Arbitrary Command Execution (#1818) · Issues · Administrator / ticket

Findings for SCA, Critical, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Arbitrary Command Execution

Created by: armorcodegithubpreprod[bot]

Findings for SCA, Critical, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Arbitrary Command Execution

Component Details

Exploit Maturity: mature
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >[2,2.3.20.2),[2.3.24,2.3.24.3),[2.3.28,2.3.28.1)
Vulnerable Path: >null

Overview

org.apache.struts:struts2-core Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and 2.3.28.x before 2.3.28.1, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

References

NVD Snyk Project Status: Active