CVE-2019-0230
published 2020-09-14CVE-2019-0230: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | struts | 2.0.0 – 2.5.20 | — |
| oracle | communications_policy_management | — | — |
| oracle | financial_services_data_integration_hub | — | — |
| oracle | financial_services_data_integration_hub | — | — |
| oracle | financial_services_market_risk_measurement_and_management | — | — |
| oracle | mysql_enterprise_monitor | <= 8.0.23 | — |