Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
CPE | Name | Operator | Version |
---|---|---|---|
struts | ge | 2.0.0 | |
struts | lt | 2.3.14.1 | |
struts2-showcase | ge | 2.0.0 | |
struts2-showcase | le | 2.3.13 |