Miggo Logo

CVE-2021-31805: Expression Language Injection in Apache Struts

9.8

CVSS Score
3.1

Basic Information

EPSS Score
0.9987%
Published
4/13/2022
Updated
1/27/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.struts:struts2-coremaven>= 2.0.0, < 2.5.302.5.30

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from incomplete prevention of double OGNL evaluation in forced evaluation scenarios (%{...}). Key functions were identified through: 1) Historical context from S2-061/CVE-2020-17530 fixes in Component.java 2) Struts architecture where tag attribute processing flows through Component.findValue() 3) TextParseUtil's role in expression interpolation 4) Advisory emphasis on forced evaluation bypassing previous mitigations. These functions represent the OGNL evaluation entry points that would appear in stack traces during exploitation attempts.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *ix issu** *or *V*-****-***** w*s in*ompl*t*. So *rom *p**** Struts *.*.* to *.*.**, still som* o* t** t**’s *ttri*ut*s *oul* p*r*orm * *ou*l* *v*lu*tion i* * **v*lop*r *ppli** *or*** O*NL *v*lu*tion *y usin* t** %{...} synt*x. Usin* *or*** O*NL

Reasoning

T** vuln*r**ility st*ms *rom in*ompl*t* pr*v*ntion o* *ou*l* O*NL *v*lu*tion in *or*** *v*lu*tion s**n*rios (%{...}). K*y *un*tions w*r* i**nti*i** t*rou**: *) *istori**l *ont*xt *rom `S*-***/*V*-****-*****` *ix*s in `*ompon*nt.j*v*` *) Struts *r**it