0.959 High
EPSS
Percentile
99.5%
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
bugzilla.redhat.com/show_bug.cgi?id=1348253
struts.apache.org/docs/s2-041.html