Vulnerability
Apache Struts is an open-source project of the Apache Software Foundation in the United States. An unintentional expression in a Freemarker tag( that exists in Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1) instead of string literals can lead to a remote code execution attack.
Mitigation / Precaution
- We recommend you to upgrade Apache Struts to the latest version which will contain a more restricted Freemarker configuration.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
