CVE-2021-31805|Apache Struts2 remote code execution vulnerability warning

News 2023-08-16 01:35:14 views: null

0x01 Vulnerability Introduction

Apache officially issued a security notice, disclosing a remote code execution vulnerability in its Struts2 framework. Vulnerability number CVE-2021-31805.

Official description, due to incomplete fixes to CVE-2020-17530 (S2-061). Attributes that cause some tags can still execute OGNL expressions, which can eventually lead to remote arbitrary code execution.

0x02 range of influence

0x03 Disposal measures

Avoid using forced OGNL evaluation on untrusted user input, and/or upgrade to Struts  2.5.30 or later to check that expression evaluation does not result in double evaluation.

Reference link: https://cwiki.apache.org/confluence/display/WW/S2-062

Guess you like

Origin blog.csdn.net/qq_18209847/article/details/124158319
Recommended
Apache Doris version 2.0.10 is officially released!
Open Source Daily | Big models go to war; big model unicorns are revealed to be selling themselves; Zhou Hongyi suggests that Google open source all its products; the largest open source AI community provides $10 million to share GPUs
Ranking
JS inheritance and monitoring
[ProblemSolving][Ubuntu][LyX] The selected document class ... requires external files that are not available...
Java threads sharing static variable
balancap/SSD-Tensorflow使用及训练预测自己的数据集
Detailed core ES6
JS --- reverse traversal achieved Array array, the array is connected string
How to Uninstall (or Reinstall) Windows 10’s Ubuntu Bash Shell
Linux modify the hostname method
Charging Specification BC v1.2
node的性能和java对比分析
Daily
More
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)

Code World

© 2018 codetd.com