Description
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
Remediation
References
http://struts.apache.org/docs/s2-031.html
http://www.securityfocus.com/bid/88826
http://www.securitytracker.com/id/1035664
Related Vulnerabilities
CVE-2022-39248 Vulnerability in maven package org.matrix.android:matrix-android-sdk2
CVE-2021-37701 Vulnerability in npm package tar
CVE-2023-29519 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui
CVE-2021-23568 Vulnerability in npm package extend2
CVE-2023-30543 Vulnerability in npm package @web3-react/coinbase-wallet