The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote malicious users to "compromise internal state of an application" via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache struts 2.3.20 |