Description
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
Remediation
References
http://struts.apache.org/docs/s2-029.html
http://www.securityfocus.com/bid/85066
http://www.securitytracker.com/id/1035271
Related Vulnerabilities
CVE-2022-2564 Vulnerability in maven package org.webjars.npm:mongoose
CVE-2023-35145 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration
CVE-2022-39350 Vulnerability in npm package @dependencytrack/frontend
CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j
CVE-2015-8854 Vulnerability in maven package org.webjars.npm:marked