Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-04T17:44:15.965Z

Reserved: 2018-11-14T00:00:00

Link: CVE-2019-0230

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-09-14T17:15:09.933

Modified: 2024-11-21T04:16:32.927

Link: CVE-2019-0230

cve-icon Redhat

Severity : Important

Publid Date: 2020-08-13T00:00:00Z

Links: CVE-2019-0230 - Bugzilla

cve-icon OpenCVE Enrichment

No data.