CVE-2015-1831: Wrong excludeParams overrides those defined in DefaultExcludedPatternsChecker

July 16, 2015 (updated September 21, 2017)

The default exclude patterns (excludeParams) in this package allow remote attackers to “compromise internal state of an application” via unspecified vectors.

References

struts.apache.org/docs/s2-024.html
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1831

Detect and mitigate CVE-2015-1831 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →