CVE-2013-2251: Code injection in Apache Struts
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with “action:” or “redirect:”, followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within forms.
In Struts 2 before 2.3.15.1 the information following “action:”, “redirect:” or “redirectAction:” is not properly sanitized. Since this information is evaluated as an OGNL expression against the value stack, it becomes possible to inject server-side code.
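An added detection example (not part of the advisory or of the Struts project): it scans access-log request lines for parameters that begin with the prefixes named above and marks those whose remainder opens a `${` or `%{` expression. The log lines, paths and the `PLACEHOLDER` expression body are constructed, and the common/combined log format is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Parameter prefixes named in the advisory.
PREFIXES = ("action:", "redirect:", "redirectAction:")
# Struts marks OGNL expressions with ${...} or %{...}.
EXPR_OPEN = re.compile(r"[$%]\{")
# Request target inside a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text

def classify(param):
    """Return 'expression', 'prefix' or None for one decoded name[=value] pair."""
    for prefix in PREFIXES:
        if param.startswith(prefix):
            rest = param[len(prefix):]
            return "expression" if EXPR_OPEN.search(rest) else "prefix"
    return None

def scan_log(lines):
    """Return a list of (line_number, verdict, decoded_parameter) findings."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = match.group(1).partition("?")[2]
        for raw in filter(None, query.split("&")):
            param = decode(raw)
            verdict = classify(param)
            if verdict:
                findings.append((number, verdict, param))
    return findings

# Constructed sample lines: documentation IP ranges, placeholder expression bodies.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/index.action?page=2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /shop/save.action?redirect:/home.action HTTP/1.1" 302 0',
    '198.51.100.9 - - [01/Jan/2024:10:00:02 +0000] "GET /shop/index.action?redirect%3A%24%7BPLACEHOLDER%7D HTTP/1.1" 200 0',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "POST /shop/login.action?action:%25%7BPLACEHOLDER%7D HTTP/1.1" 200 0',
]
```

A `prefix` finding can be legitimate form navigation on its own; an `expression` finding is the pattern to investigate. Parameters sent in a POST body do not appear in access logs, so this scan covers query strings only.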
References
- exchange.xforce.ibmcloud.com/vulnerabilities/90392
- github.com/advisories/GHSA-47qp-8v9g-39hp
- github.com/apache/struts
- github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
- github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
- issues.apache.org/jira/browse/WW-4140
- nvd.nist.gov/vuln/detail/CVE-2013-2251
- www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251