Overview On December 8, 2020, Struts released a security bulletin disclosing a potential remote code execution vulnerability (CVE-2020-17530) in S2-061. The vulnerability stems from insufficient input validation. This results in two forced Object Graph Navigation Library (OGNL) evaluations when the original user input is calculated. When the OGNL expression is...
