...
Who should read this | All Struts 2 developers |
---|---|
Impact of vulnerability | CSRF protection weakening |
Maximum security rating | Moderate |
Recommendation | Developers should either upgrade to Struts 2.3.4.1 |
Affected Software | Struts 2.0.0 - Struts 2.3.4 |
Original JIRA Tickets | |
Reporter | James K. Williams |
CVE Identifier | - |
...
As of Struts 2.3.4.1, token session attribute names are decoupled from token parameter names by namespace prefixing.
Upgrade Please upgrade to Struts 2.3.4.1.