Struts2 S2-061 Remote Code Execution Vulnerability (CVE-2020-17530) Threat Alert
Overview On December 8, 2020, Struts released a security bulletin disclosing a potential remote code execution vulnerability (CVE-2020-17530) in S2-061. The vulnerability stems from insufficient input validation. This results in two forced Object Graph Navigation Library (OGNL) evaluations when the original user input is calculated. When the OGNL expression is forced in Struts tag attributes […]