Description
A Remote Code Execution attack is possible when an unintentional expression is used in a Freemarker tag instead of string literals.
Remediation
Upgrade to Struts 2.5.12 or Struts 2.3.34.