
CVE-2020-17530: Remote code execution in Apache Struts

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.99966%
Published: 2/9/2022
Updated: 2/1/2023
KEV Status: Yes
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: org.apache.struts:struts2-core
Ecosystem: maven
Vulnerable Versions: >= 2.0.0, < 2.5.26
First Patched Version: 2.5.26

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from forced OGNL evaluation in tag attributes: an attribute value that already contains raw user input is evaluated again as an OGNL expression. The `TextParseUtil` class and its `translateVariables` method are likely to be involved in this process. The patches for CVE-2020-17530 and CVE-2021-31805 indicate the changes made to address this vulnerability.


WAF Protection Rules

WAF Rule

Forced OGNL evaluation, when evaluated on raw user input in the attributes, may lead to remote code execution.
