CVE-2020-17530 - Apache Struts Remote Code Execution Vulnerability
Project:Apache
Product:Struts
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Apache Struts Remote Code Execution Vulnerability
Description
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-17530