Description
In Apache Struts 2.5 through 2.5.5, if an application allows a URL to be entered in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated.
Remediation
References
https://struts.apache.org/docs/s2-044.html
http://www.securityfocus.com/bid/94657
https://security.netapp.com/advisory/ntap-20180629-0003/