Description
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
Remediation
References
http://www.securitytracker.com/id/1036017
http://struts.apache.org/docs/s2-033.html
http://www-01.ibm.com/support/docview.wss?uid=swg21987854
http://www.securityfocus.com/bid/90960
https://www.exploit-db.com/exploits/39919/