Struts 2 / WW-4582

adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)

    Details

      Description

      Hi,

      This is a permanent patch for security issue CVE-2014-0094; this adds 'class' to exclude params in ParametersInterceptor (avoid ClassLoader manipulation)

      This is based on the information in S2-020.

      This also closes CVE-2014-0112, CVE-2014-0113 and CVE-2014-0116.
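
A sketch of the kind of parameter-name check the description refers to, as an added example that is neither the patch attached to this issue nor Struts code. The class `ClassParamFilter` and its method `isExcluded` are hypothetical, and the parameter names are constructed; the check matches `class` as a whole path segment, so nested and bracket-quoted forms are caught while ordinary names such as `className` pass.

```java
import java.util.regex.Pattern;

// Added illustration, not Struts code: decides whether a request parameter
// name should be dropped before it is evaluated as a property path.
public class ClassParamFilter {

    // Property paths are split on '.', '[' and ']', so that
    // user.class.x, user['class'].x and user["class"].x all yield
    // a segment that reduces to "class".
    private static final Pattern SEPARATORS = Pattern.compile("[.\\[\\]]+");

    // Returns true when any segment of the path is "class" (any letter case).
    public static boolean isExcluded(String paramName) {
        for (String segment : SEPARATORS.split(paramName)) {
            // Strip one leading and one trailing quote left by bracket notation.
            String bare = segment.replaceAll("^['\"]|['\"]$", "").trim();
            if (bare.equalsIgnoreCase("class")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed parameter names, not taken from the issue.
        String[] names = {
            "user.name",          // ordinary property: allowed
            "className",          // contains "class" but is not the segment: allowed
            "subclass.id",        // allowed for the same reason
            "class.classLoader",  // top-level 'class': excluded
            "user.class.x",       // nested 'class': excluded
            "user['class'].x",    // bracket notation: excluded
            "Class.x"             // capitalised: excluded
        };
        for (String name : names) {
            System.out.printf("%-20s %s%n", name,
                    isExcluded(name) ? "excluded" : "allowed");
        }
    }
}
```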

            People

            • Assignee:
              lukaszlenart Lukasz Lenart
              Reporter:
              victorsosa victorsosa