CVE-2013-2251: Arbitrary OGNL code execution via crafted parameters

July 19, 2013 (updated September 21, 2017)

This package allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted action:, redirect:, or redirectAction: prefix.

References

struts.apache.org/docs/s2-016.html

Detect and mitigate CVE-2013-2251 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →