Apache Struts Remote Code Execution Vulnerability
Overdue
Apache / Struts
CWE-917
Description
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
Required Action
Apply updates per vendor instructions.
Additional Information
- Catalog Version
- 2025.01.24
- Catalog Released
- Jan. 24, 2025
- Days Until Due
- 0 days
- Last Updated
- 6 months ago