Apache Struts 2.x before 22.214.171.124, 2.3.24.x before 126.96.36.199, and 2.3.28.x before 188.8.131.52, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
Not Vulnerable. This issue affects Struts 2 only; it does not affect the versions of struts as shipped with various Red Hat products.
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).