Risk Scores
EPSS Score: 94.43% (100.0th percentile)
Timeline
- CVE Published
- Jan 18, 1970 VulnCheck XDB Entry
References
- RCE on Confluence Data Center via OGNL Injection (advisory)
- https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html (technical)
- https://portswigger.net/kb/issues/00100f20_expression-language-injection (technical)
- https://commons.apache.org/proper/commons-ognl/language-guide.html (technical)
- https://www.atlassian.com/blog/rebelutionary/misc/TSS-WebWork2.ppt (technical)
- https://securitylab.github.com/research/apache-struts-double-evaluation/ (technical)
- https://securitylab.github.com/research/ognl-injection-apache-struts/ (technical)
- https://securitylab.github.com/research/apache-struts-CVE-2018-11776/ (technical)
- https://lgtm.com/projects/g/apache/struts/snapshot/218366b4cd0d8d165f505e8b9e6f3e6bf19d9aae/files/core/src/main/java/org/apache/struts2/components/UIBean.java#L637 (technical)