Vendor Workaround
Avoid using forced OGNL evaluation on untrusted user input, and/or upgrade to Struts 2.5.30, which checks that expression evaluation won't lead to double evaluation. Please read our Security Bulletin S2-062 for more details.
| Source | ID | Title |
|---|---|---|
| Github GHSA | GHSA-v8j6-6c2r-r27c | Expression Language Injection in Apache Struts |
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-03T23:10:30.193Z
Reserved: 2021-04-26T00:00:00.000Z
Link: CVE-2021-31805
Status: Modified
Published: 2022-04-12T16:15:08.133
Modified: 2026-06-17T03:52:15.950
Link: CVE-2021-31805
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')