  1. Struts 2
  2. WW-4063

Remote code execution in Struts2 via expression language execution


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.3.14.1
    • 2.3.14.2
    • Expression Language
    • Mac OS X 10.7

    • Important

    Description

      Struts2 under certain configurations is vulnerable to remote code execution via the interpretation of EL and OGNL. Since this is, I'm assuming, a publicly accessible issue, please let me know if I should add a reproducer to this issue or if I should communicate this reproducer through another mechanism.

          People

            rgielen René Gielen
            coverity_srl Coverity Security Research Laboratory