Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers

Impact of vulnerability

Remote command execution

Maximum security rating

High Critical

Recommendation

Developers should immediately upgrade to Struts 2.3.14.1

Affected Software

Struts 2.0.0 - Struts 2.3.14

Reporter

The Struts Team

CVE Identifier

CVE-2013-????

Problem

Both the s:url and s:a tag provide an includeParams attribute.

...