Apache Struts 2.x prior to 2.3.29 allows remote malicious users to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache struts |
||
netapp oncommand balance - |