All vulnerabilities
CVE-2019-0230
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Description
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Fix without upgrading
Score
9.8
Severity
Critical
Ecosystem
Java
Publish Date
December 2, 2021
Modified Date
November 7, 2023
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
