Arbitrary Code Injection
Affecting org.apache.struts:struts-core artifact, versions [0,]Report new vulnerabilities
org.apache.struts:struts-core is a free, open-source, MVC framework for creating Java web applications.
Affected versions of this package are vulnerable to Arbitrary Code Injection. It allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
There is no fixed version for