CVE-2015-5209
HIGH 7.5 | EPSS 1.4%
Special top object can be used to access Struts' internals
Published: 2022/5/14 | Modified: 2024/2/18
Description
ValueStack defines a special top object that represents the root of the execution context. It can be used to manipulate Struts' internals or to affect the container's settings. The fix applies a better regex that includes a pattern to exclude request parameters that try to use the top object. This issue was patched in Struts 2.3.24.1.
Affected packages (1)
- Maven/org.apache.struts:struts2-core from 0, < 2.3.24.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |