CVE-2012-1592

Unrestricted Upload of File with Dangerous Type in maven/org.apache.struts/struts2-core

Identifiers

GHSA-8m5q-crqq-6pmf, CVE-2012-1592

Package Slug

maven/org.apache.struts/struts2-core

Vulnerability

Unrestricted Upload of File with Dangerous Type

Description

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

Affected Versions

All versions starting from 2.0 before 2.5.22

Solution

Upgrade to version 2.5.22 or above.

Last Modified

2022-07-25

source