Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
2.0.8
-
None
-
Important
Description
All user input, for example entered through a form, is evaluated as an OGNL expression.
This leads to a remote exploit of possible malicious code execution of any kind, such as server shutdown or information theft.
Moreover, it can lead to a DoS problem:
On a form with:
<s:textfield name="xxx">
if the user enters %
as the value then com/opensymphony/xwork2/util/TextParseUtil.translateVariables enters an infinite loop eating about 1GB of ram in one second on my server.
Attachments
Attachments
Issue Links
- is related to
-
WW-2107 Arbitrary user-submitted OGNL possible when using JSP EL or FreeMarker
- Closed