Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.1.6, 2.1.8
-
None
Description
Static parameters can be set from wildcards in the action name, so I believe they are also vulnerable to ognl method invocation security issues.
Perhaps StaticParametersInterceptor could be refactored to extend ParametersInterceptor just as ActionMappingParametersInteceptor does?
Attachments
Issue Links
- relates to
-
WW-3214 AliasInterceptor does not set setDenyMethodExecution()
- Closed