| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.struts:struts2-core | maven | < 2.3.20.3 | 2.3.20.3 |
| org.apache.struts:struts2-core | maven | >= 2.3.24, < 2.3.24.3 | 2.3.24.3 |
| org.apache.struts:struts2-core | maven | >= 2.3.28, < 2.3.28.1 | 2.3.28.1 |
The vulnerability stems from XSLTResult's handling of stylesheet locations supplied via request parameters. The advisory explicitly states that this parameter injection flaw in XSLTResult (CWE-20, improper input validation) allows remote code execution. The execute() method would be the code path that performs the transformation using the user-supplied parameter. While exact line numbers aren't available, the class and method structure and the vulnerability pattern match Struts' XSLTResult implementation.