Description
Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
Remediation
References
https://struts.apache.org/docs/s2-026.html
http://www.securitytracker.com/id/1033908
http://www.securityfocus.com/bid/82550
https://security.netapp.com/advisory/ntap-20180629-0002/
Related Vulnerabilities
CVE-2022-4116 Vulnerability in maven package io.quarkus:quarkus-vertx-http-deployment
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http3:http3-qpack
CVE-2022-0512 Vulnerability in npm package url-parse
CVE-2016-6652 Vulnerability in maven package org.springframework.data:spring-data-jpa