All vulnerabilities

CVE-2020-17530

Remote code execution in Apache Struts

Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Fix without upgrading
Score
9.8
Severity
Critical
Ecosystem
Java
Publish Date
February 9, 2022
Modified Date
October 22, 2025
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
Affected Versions