Vulnerability: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution

In Struts 2 before 2.3.15.1, the information following the “action:”, “redirect:”, or “redirectAction:” prefixes is not properly sanitized and is evaluated as an OGNL expression against the value stack. This makes it possible to inject server-side code.
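
Detection logic for the pattern described above, added here as an example and not taken from the advisory or from Struts: it scans access-log request lines for query parameters that begin with one of the three prefixes and flags those whose remainder contains an OGNL expression delimiter. The log format, the function names and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import unquote

PREFIXES = ("action:", "redirect:", "redirectAction:")  # from the advisory text
MARKERS = ("${", "%{")  # OGNL expression delimiters used by Struts 2
# Assumption: common/combined access-log format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded prefixes are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def prefixed_params(target):
    """Return (prefix, remainder) for query parameters starting with a prefix."""
    hits = []
    # Split on '&' before decoding so an encoded '&' stays inside its parameter.
    for pair in target.partition("?")[2].split("&"):
        text = decode_fully(pair)
        for prefix in PREFIXES:
            if text.startswith(prefix):
                hits.append((prefix, text[len(prefix):]))
    return hits

def scan(lines):
    """Return (line_number, prefix, verdict) for each prefixed parameter."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for prefix, rest in prefixed_params(match.group(1)):
            # A bare prefix can be a legitimate form submit; an expression is not.
            verdict = "expression" if any(m in rest for m in MARKERS) else "prefix-only"
            findings.append((number, prefix, verdict))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/index.action?redirect:%24%7B1%2B1%7D HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /app/index.action?redirect%253A%2524%257B1%252B1%257D HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "POST /app/save.action?action:save=Submit HTTP/1.1" 200 1024',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /app/list.action?page=2&note=redirect HTTP/1.1" 200 2048',
]
```

Access logs record only the query string, so parameters sent in a POST body have to be inspected at a proxy or WAF instead.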

Impact

This vulnerability can lead to remote code execution, allowing attackers to take control of the affected system.

Severity

critical

Verified

Unknown