exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2021-31805

почти 4 года назад

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

CVSS3: 9.8

EPSS: Критический

CVE-2021-31805

почти 4 года назад

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

CVSS3: 8.1

EPSS: Критический

CVE-2021-31805

почти 4 года назад

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.

CVSS3: 9.8

EPSS: Критический

CVE-2021-31805

почти 4 года назад

The fix issued for CVE-2020-17530 was incomplete. So from Apache Strut ...

CVSS3: 9.8

EPSS: Критический

GHSA-v8j6-6c2r-r27c

почти 4 года назад

Expression Language Injection in Apache Struts

CVSS3: 9.8

EPSS: Критический

BDU:2022-02726

почти 4 года назад

Уязвимость программной платформы Apache Struts, существующая из-за некорректной обработки выражений Object Graph Navigation Language, позволяющая нарушителю выполнить произвольный код

CVSS3: 9.8

EPSS: Критический

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.	CVSS3: 9.8	94% Критический	почти 4 года назад
CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.	CVSS3: 8.1	94% Критический	почти 4 года назад
CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.	CVSS3: 9.8	94% Критический	почти 4 года назад
CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Strut ...	CVSS3: 9.8	94% Критический	почти 4 года назад
GHSA-v8j6-6c2r-r27c Expression Language Injection in Apache Struts	CVSS3: 9.8	94% Критический	почти 4 года назад
BDU:2022-02726 Уязвимость программной платформы Apache Struts, существующая из-за некорректной обработки выражений Object Graph Navigation Language, позволяющая нарушителю выполнить произвольный код	CVSS3: 9.8	94% Критический	почти 4 года назад

Уязвимостей на страницу