https://bugzilla.redhat.com/show_bug.cgi?id=2074788 Bug ID: 2074788 Summary: CVE-2021-31805 Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE. Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: ahanwate(a)redhat.com CC: aileenc(a)redhat.com, chazlett(a)redhat.com, dbhole(a)redhat.com, drieden(a)redhat.com, extras-orphan(a)fedoraproject.org, ggaughan(a)redhat.com, gmalinko(a)redhat.com, janstey(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jjelen(a)redhat.com, jochrist(a)redhat.com, jwon(a)redhat.com, krathod(a)redhat.com, loleary(a)redhat.com, pjindal(a)redhat.com, puntogil(a)libero.it, spinder(a)redhat.com, theute(a)redhat.com Target Milestone: --- Classification: Other The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. https://cwiki.apache.org/confluence/display/WW/S2-062 http://www.openwall.com/lists/oss-security/2022/04/12/6 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2074788