An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS00cWdqLTltdmctMzkyOc4AAWri

Special top object can be used to access Struts' internals

ValueStack defines special top object which represents root of execution context. It can be used to manipulate Struts' internals or can be used to affect container's settings. Applying better regex which includes pattern to exclude request parameters trying to use top object. This issue was patched in Struts

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 8 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Identifiers: GHSA-4qgj-9mvg-3929, CVE-2015-5209

Affected Packages

Versions: <
Fixed in: