Struts

Apache Struts Remote Code Execution Vulnerability S2-062 (CVE-2021-31805) Alert

April 14, 2022

Overview

On April 13, 2022, NSFOCUS CERT detected that Struts had officially issued a security notice and fixed a remote code execution vulnerability, S2-062 (CVE-2021-31805). This vulnerability results from an incomplete fix for S2-061. When developers use the %{…} syntax to force OGNL parsing, some special tag attributes can still be parsed twice; attackers […]

Struts S2-059, S2-060 Vulnerabilities (CVE-2019-0230, CVE-2019-0233) Threat Alert

September 11, 2020

Overview

On August 13, 2020, Beijing time, Struts issued a new security bulletin to announce the fix of two vulnerabilities. S2-059 (CVE-2019-0230) is a possible remote code execution vulnerability, and S2-060 (CVE-2019-0233) is a denial-of-service vulnerability.

The two vulnerabilities were fixed in Struts 2.5.22 released in November 2019. Users are advised to upgrade as soon as possible.

Bulletin link: https://struts.apache.org/announce.html#a20200813

