CVE-2020-17530

Published: Dec 11, 2020

Modified: Oct 21, 2025

PUBLISHED

Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

Vendor	Product	Versions
Apache Software Foundation	Apache Struts	affected `Struts 2.0.0 - Struts 2.5.25`

References

https://cwiki.apache.org/confluence/display/WW/S2-061

x_refsource_CONFIRM

JVN#43969166

third-party-advisory

x_refsource_JVN

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210115-0005/

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpuApr2021.html

x_refsource_MISC

https://www.oracle.com//security-alerts/cpujul2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

[oss-security] 20220412 CVE-2021-31805: Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-17530

Description

Affected Products

References