Description
Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
Remediation
References
http://struts.apache.org/development/2.x/docs/s2-012.html
http://www.securityfocus.com/bid/60082
https://bugzilla.redhat.com/show_bug.cgi?id=967655
Related Vulnerabilities
CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.commons.log
CVE-2023-6927 Vulnerability in maven package org.keycloak:keycloak-common
CVE-2023-29517 Vulnerability in maven package org.xwiki.platform:xwiki-platform-office-viewer
CVE-2019-10446 Vulnerability in maven package org.jenkins-ci.plugins:vmanager-plugin
CVE-2019-16563 Vulnerability in maven package tech.andrey.jenkins:mission-control-view