Description
Remote Code Execution is possible when an unintentional expression is used in a Freemarker tag instead of a string literal.
Remediation
Upgrade to Struts 2.5.12 or Struts 2.3.34.
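Alongside the upgrade, templates can be audited for the construct named in the description. The following Python script is an added example, not code from the Struts project or from this advisory: it flags attributes of Struts Freemarker tags whose value is an expression (an unquoted name or a `${...}` interpolation) rather than a plain string literal. The `<@s.` tag prefix, the one-tag-per-line layout and the sample template are assumptions made for the illustration.

```python
import re

# Struts Freemarker macro call such as <@s.hidden ... /> (assumed to fit on one line).
TAG_RE = re.compile(r"<@s\.(\w+)\b([^>]*)>")
# attr="quoted", attr='quoted' or attr=bare inside the tag.
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s"'/>]+)""")
# Bare values that are Freemarker literals, not variable references.
LITERAL_RE = re.compile(r"true|false|\d+(\.\d+)?")

# Constructed sample template, not taken from any real application.
SAMPLE_TEMPLATE = """\
<@s.form action="save">
  <@s.hidden name="redirectUri" value=redirectUri />
  <@s.hidden name="token" value="${token}" />
  <@s.textfield name="title" label="Title" required=true />
</@s.form>
"""


def find_expression_attrs(template_text):
    """Return (line_no, tag, attr, raw_value) for every tag attribute
    that is an expression instead of a plain string literal."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), 1):
        for tag in TAG_RE.finditer(line):
            for attr in ATTR_RE.finditer(tag.group(2)):
                name, raw = attr.group(1), attr.group(2)
                quoted = raw[0] in "\"'"
                if quoted and "${" not in raw:
                    continue  # plain string literal: nothing for Freemarker to evaluate
                if not quoted and LITERAL_RE.fullmatch(raw):
                    continue  # boolean or numeric literal
                findings.append((line_no, tag.group(1), name, raw))
    return findings


if __name__ == "__main__":
    for line_no, tag, attr, raw in find_expression_attrs(SAMPLE_TEMPLATE):
        print(f"line {line_no}: <@s.{tag}> attribute {attr}={raw} is an expression")
```

Each finding is a lead for manual review: whether the flagged expression is intentional and whether the property behind it can be influenced by a request still has to be checked in the action code.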