CVE-2016-3082 Vulnerability in maven package org.apache.struts:struts2-core

Description

XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.

Remediation

References

http://struts.apache.org/docs/s2-031.html

http://www.securityfocus.com/bid/88826

http://www.securitytracker.com/id/1035664

Related Vulnerabilities

CVE-2019-16530 Vulnerability in maven package org.sonatype.nexus:nexus-core

CVE-2020-15262 Vulnerability in npm package webpack-subresource-integrity

CVE-2016-6797 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2023-26049 Vulnerability in maven package org.eclipse.jetty:jetty-http

CVE-2018-1000193 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H