CVE-2019-0230

Critical

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code…

apache·CWE-1321·Published 2020-09-14

CVSS

9.8

EPSS

0.97

KEV

Exploits

cve.orgen

147 chars

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

NVDen

147 chars

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

OSV.deven

147 chars

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

GHSAen

147 chars

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

NVDes

216 chars

Apache Struts versiones 2.0.0 hasta 2.5.20, forzó una evaluación OGNL doble, cuando se evaluaba en la entrada del usuario sin procesar en los atributos de la etiqueta, puede conllevar a una ejecución de código remota

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H