|Apache Struts 2 Documentation > Home > Security Bulletins > S2-007|
User input is evaluated as an OGNL expression when there's a conversion error
|Who should read this||All Struts 2 developers|
|Impact of vulnerability||Remote Code Execution|
|Maximum security rating||Important|
|Recommendation||Developers should either upgrade to Struts 184.108.40.206 or apply the configuration changes described below|
|Affected Software||Struts 2.0.0 - Struts 2.2.3|
|Original JIRA Tickets||WW-3668|
|Reporter|| Hideyuki Suzumi
User input is evaluated as an OGNL expression when there's a conversion error. This allows a malicious user to execute arbitrary code.
A more detailed description is found in the referenced JIRA ticket.
Upgrade to Struts 220.127.116.11.