High
Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by an error when using results with no namespace and its upper action configurations have no wildcard namespace. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using the Struts REST plugin with XStream handler. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Apache
Refer to Apache Struts Advisory for patch, upgrade or suggested workaround information.
CVE-2020-17530
CVE-2018-11776
CVE-2017-9805