An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Impact
An attacker may be able to use these vulnerabilities to cause a denial of service (DoS) during file uploads, and remotely run code.