Description
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Remediation
References
http://struts.apache.org/docs/s2-033.html
http://www-01.ibm.com/support/docview.wss?uid=swg21987854
http://www.securityfocus.com/bid/90960
http://www.securitytracker.com/id/1036017
https://www.exploit-db.com/exploits/39919/
Related Vulnerabilities
CVE-2020-2287 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail
CVE-2023-28628 Vulnerability in maven package lambdaisland:uri
CVE-2020-2255 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent
CVE-2018-1000107 Vulnerability in maven package org.jenkins-ci.plugins:ownership
CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-core