Apache Struts improper action name cleanup
Critical severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Jan 4, 2024
Package
Affected versions
>= 2.0.0, < 2.3.29
>= 2.5-BETA1, < 2.5.1
Patched versions
2.3.29
2.5.1
Description
Published by the National Vulnerability Database
Oct 3, 2016
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Jan 4, 2024
Last updated
Jan 4, 2024
Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.
References