CVE-2013-4316
EPSS 6.2%
Code injection in Apache Struts
Published: 5/17/2022
Modified: 12/6/2024
Description
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
Affected packages (2)
- Maven/org.apache.struts:struts2-core >= 2.0.0, < 2.3.15.2
- Maven/org.apache.struts:struts2-rest-plugin >= 2.0.0, < 2.3.15.2
References (6)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4316
- PATCH https://github.com/apache/struts
- WEB http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
- WEB https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1
- WEB https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4
- WEB http://struts.apache.org/release/2.3.x/docs/s2-019.html