CVE-2020-17530: Apache Struts2 Remote Code Execution Vulnerability Alert
Vulnerability Detail
Some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to remote code execution and security degradation.
Affected version
- Struts 2.0.0 – Struts 2.5.25
Unaffected version
- Struts 2.5.26
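
The following audit helper is an added example, not code from the Struts project or the original alert. It checks a struts2-core jar name against the affected range above and lists every Struts tag attribute in a JSP that uses forced %{...} evaluation, so each can be reviewed for untrusted input. It assumes the usual struts2-core-<version>.jar file naming and the conventional `s` tag prefix; the sample JSP and attribute values are constructed.

```python
import re

# Affected range as stated in the alert: Struts 2.0.0 through 2.5.25.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 5, 25)

# Assumption: the core jar is named struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+){1,3})\.jar$")
ATTR = r"""[\w:-]+\s*=\s*(?:"[^"]*"|'[^']*')"""
# Assumption: the Struts tag library is mapped to the "s" prefix.
TAG_RE = re.compile(r"<s:([\w-]+)((?:\s+" + ATTR + r")*)\s*/?>")
ATTR_RE = re.compile(r"""([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")

# Constructed sample JSP fragment, for illustration only.
SAMPLE_JSP = """<s:form action="save">
  <s:textfield name="title" id="%{fieldId}" />
  <s:a href="/home" cssClass="nav">Home</s:a>
  <s:submit value='%{submitLabel}'/>
</s:form>
"""


def struts_version(jar_name):
    """Return the version tuple parsed from a jar path, or None."""
    m = JAR_RE.search(jar_name)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True when the version lies inside the range given in the alert."""
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX


def forced_ognl_attributes(jsp_text):
    """List (line, tag, attribute, value) for attributes containing %{."""
    findings = []
    for tag in TAG_RE.finditer(jsp_text):
        line = jsp_text.count("\n", 0, tag.start()) + 1
        for name, dq, sq in ATTR_RE.findall(tag.group(2)):
            value = dq or sq
            if "%{" in value:
                findings.append((line, tag.group(1), name, value))
    return findings


if __name__ == "__main__":
    for jar in ("WEB-INF/lib/struts2-core-2.5.25.jar", "struts2-core-2.5.26.jar"):
        print(jar, "affected" if is_affected(struts_version(jar)) else "not affected")
    for line, tag, attr, value in forced_ognl_attributes(SAMPLE_JSP):
        print(f"line {line}: <s:{tag}> {attr}={value!r} uses forced evaluation")
```

A finding is only a review candidate: the script cannot tell whether the expression inside %{...} is derived from user input.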