https://bugzilla.redhat.com/show_bug.cgi?id=2074788
Bug ID: 2074788
Summary: CVE-2021-31805 Apache Struts: Forced OGNL evaluation,
when evaluated on raw not validated user input in tag
attributes, may lead to RCE.
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: ahanwate(a)redhat.com
CC: aileenc(a)redhat.com, chazlett(a)redhat.com,
dbhole(a)redhat.com, drieden(a)redhat.com,
extras-orphan(a)fedoraproject.org, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jjelen(a)redhat.com, jochrist(a)redhat.com,
jwon(a)redhat.com, krathod(a)redhat.com,
loleary(a)redhat.com, pjindal(a)redhat.com,
puntogil(a)libero.it, spinder(a)redhat.com,
theute(a)redhat.com
Target Milestone: ---
Classification: Other
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0
to 2.5.29, still some of the tag’s attributes could perform a double evaluation
if a developer applied forced OGNL evaluation by using the %{...} syntax. Using
forced OGNL evaluation on untrusted user input can lead to a Remote Code
Execution and security degradation.
https://cwiki.apache.org/confluence/display/WW/S2-062
http://www.openwall.com/lists/oss-security/2022/04/12/6
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2074788