CVE Database · CVE-2019-0230
CVSS v3.1
9.8
EPSS
97.40%
Published
Sep 14, 2020
Modified
Nov 21, 2024
Public PoC / Exploit (3)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (6)
References (18)