Server side object manipulation in Apache Struts
Moderate severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Aug 26, 2023
Description
Published by the National Vulnerability Database
Aug 17, 2010
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Nov 3, 2022
Last updated
Aug 26, 2023
OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor, thus being able to manipulate server side context objects. This behavior was already addressed in S2-003, but it turned out that the resulting fix based on whitelisting acceptable parameter names closed the vulnerability only partially.
References