Basic Information

CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.struts:struts2-parent | maven | <= 2.0.14 | 2.1.2 |
| org.apache.struts:struts2-parent | maven | >= 2.2, <= 2.2.3 | 2.2.3.1 |
The vulnerability stems from unescaped parameter values flowing through action class getters into rendered views. No patch code is available, but the documented vulnerable parameters (name, lastName, clientName) map directly to JavaBean getters in Struts action classes, based on three observations: 1) the standard Struts convention by which request parameters are bound to action properties; 2) the documented vulnerable endpoints matching common Struts action naming patterns; and 3) the fact that XSS exploitation requires these getters to return unsanitized values while the view is rendered. Runtime detection would therefore see these getters in stack traces when malicious parameter values are processed.