Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Arbitrary Code Execution (#1882) · Issues · Administrator / ticket

Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Arbitrary Code Execution

Created by: armorcodegithubpreprod[bot]

Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Arbitrary Code Execution

Component Details

Exploit Maturity: no-known-exploit
Vulnerable Package: -
Current Version: -
Vulnerable Version(s): >[2.2.1,2.3.28.1]
Vulnerable Path: >null

Overview

org.apache.struts.xwork:xwork-core Affected versions of the package are vulnerable to Remote code Execution. The Apache Struts frameworks when forced, performs double evaluation of attributes' values assigned to certain tags so it is possible to pass in a value that will be evaluated again when a tag's attributes will be rendered.

References

Apache Security Advisory

Snyk Project Status: Active