Описание
Special top object can be used to access Struts' internals
ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings. Applying better regex which includes pattern to exclude request parameters trying to use top object. This issue was patched in Struts 2.3.24.1.
Пакеты
org.apache.struts:struts2-core
< 2.3.24.1
2.3.24.1
Связанные уязвимости
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulat ...
Уязвимость реализации интерфейса ValueStack программной платформы Apache Struts, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных