Описание
Remote Code Execution in Apache Struts
XSLTResult allows for the location of a stylesheet being passed as a request parameter. In some circumstances this can be used to inject remotely executable code.
Пакеты
org.apache.struts:struts2-core
< 2.3.20.3
2.3.20.3
org.apache.struts:struts2-core
>= 2.3.24, < 2.3.24.3
2.3.24.3
org.apache.struts:struts2-core
>= 2.3.28, < 2.3.28.1
2.3.28.1
Связанные уязвимости
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.2 ...
Уязвимость реализации класса XSLTResult программной платформы Apache Struts, позволяющая нарушителю выполнить произвольный код