Vulnerability: Apache Struts <=2.5.20 - Remote Code Execution

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the affected server.

Severity

critical

Verified

Unknown