Server side object manipulation in Apache Struts

Description

OGNL provides, among other features, extensive expression evaluation capabilities. This vulnerability allows a malicious user to bypass the '#'-usage protection built into the ParametersInterceptor and thereby manipulate server-side context objects. This behavior was already addressed in S2-003, but the resulting fix, which was based on whitelisting acceptable parameter names, closed the vulnerability only partially.

Basic information

Type: reviewed
Severity: medium
Published (advisory): 2022-05-13 01:14:26 UTC
Updated: 2023-08-26 05:02:34 UTC
GitHub reviewed: 2022-11-03 19:11:38 UTC
NVD published: 2010-08-17 20:00:00 UTC

EPSS Score

Score: 92.53%
Percentile: 99.73%

CVSS Scores

No CVSS scores in this advisory.

Identifiers

Affected packages (1)

Vulnerable version ranges and first patched releases as published by GitHub.

Ecosystem: maven
Package: org.apache.struts:struts2-core
Vulnerable range: < 2.2.1
First patched: 2.2.1
Vulnerable functions: (none listed)
