CVE-2013-2251 High Severity Vulnerability detected by WhiteSource #46
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2013-2251 - High Severity Vulnerability
struts2-core-2.0.8.jar
null
path: /java_security_book/Struts2/s2_002/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.8.jar,/java_security_book/Struts2/s2_001/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.8.jar,2/repository/org/apache/struts/struts2-core/2.0.8/struts2-core-2.0.8.jar
Dependency Hierarchy:
struts2-core-2.0.11.jar
null
path: /java_security_book/Struts2/s2_005/target/struts2-archetype-starter/WEB-INF/lib/struts2-core-2.0.11.jar
Dependency Hierarchy:
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
Publish Date: 2013-07-20
URL: CVE-2013-2251
Base Score Metrics not available
Type: Upgrade version
Origin: http://struts.apache.org/release/2.3.x/docs/s2-016.html
Release Date: 2017-12-31
Fix Resolution: Developers should immediately upgrade to Struts 2.3.15.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: