[ https://issues.apache.org/jira/browse/WW-3668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13079913#comment-13079913 ]
Philip Luppens commented on WW-3668:
------------------------------------

Thank you for bringing this to our attention. However, we must stress that it's not considered a good practice to report vulnerabilities 'in the open'. There are special email addresses for reporting security issues, so that they can be investigated (and resolved) before publication of the vulnerability.

> Vulnerability: User input is evaluated as an OGNL expression when there's a conversion error.
> ---------------------------------------------------------------------------------------------
>
>                 Key: WW-3668
>                 URL: https://issues.apache.org/jira/browse/WW-3668
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Interceptors
>    Affects Versions: 2.2.3
>         Environment: Struts 2.2.3
>                      Tomcat 7.0.19
>            Reporter: Hideyuki Suzumi
>
> 1. Run "Struts Showcase".
> 2. Click "Validation".
> 3. Click "Field Validators".
> 4. Type "<' + #application + '>" in the "Integer Validator Field".
> 5. Click "Submit".
> 6. You can get all "application" scoped variables in the "Integer Validator Field".
>
> Please fix ConversionErrorInterceptor and RepopulateConversionErrorFieldValidatorSupport.
>
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor
> 87: return "'" + value + "'";
>
> com.opensymphony.xwork2.validator.validators.RepopulateConversionErrorFieldValidatorSupport
> 175: fakeParams.put(fullFieldName, "'" + tmpValue[0] + "'");
> 182: fakeParams.put(fullFieldName, "'" + tmpValue + "'");

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
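An added example, not code from Struts/XWork or from the reporter, that puts the one-liner quoted from ConversionErrorInterceptor beside a hardened variant which emits the rejected value as one escaped OGNL string literal, plus a structural check a unit test can apply; the class and method names are assumptions for illustration, and the escaping approach is mine rather than a claim about the project's actual patch.

```java
// Added example: the quoted pattern and a hardened variant. Not project code.
public final class ConversionErrorOverride {

    // Mirrors the pattern quoted in the report (line 87): the raw submitted
    // value is wrapped in single quotes and the result is later evaluated as
    // an OGNL expression. A value containing a single quote closes the
    // literal early, so the rest of the value is evaluated as OGNL.
    static String vulnerableOverrideExpr(String value) {
        return "'" + value + "'";
    }

    // Hardened variant (assumed approach): emit a double-quoted literal and
    // escape every character that could terminate or alter it, so the
    // evaluator only ever sees a single string constant. Non-printable and
    // non-ASCII characters are written as \\uXXXX escapes, which OGNL accepts
    // in string literals.
    static String safeOverrideExpr(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 2).append('"');
        for (char c : value.toCharArray()) {
            if (c == '"' || c == '\\') {
                sb.append('\\').append(c);
            } else if (c < 0x20 || c > 0x7e) {
                sb.append(String.format("\\u%04x", (int) c));
            } else {
                sb.append(c);
            }
        }
        return sb.append('"').toString();
    }

    // Structural check for tests: the override must be exactly one
    // double-quoted literal, i.e. no unescaped quote between the delimiters.
    static boolean isSingleStringLiteral(String expr) {
        int n = expr.length();
        if (n < 2 || expr.charAt(0) != '"' || expr.charAt(n - 1) != '"') return false;
        boolean escaped = false;
        for (int i = 1; i < n - 1; i++) {
            char c = expr.charAt(i);
            if (escaped) { escaped = false; continue; }
            if (c == '\\') { escaped = true; continue; }
            if (c == '"') return false;
        }
        return !escaped; // a trailing backslash would escape the closing quote
    }

    public static void main(String[] args) {
        String input = "<' + #application + '>"; // constructed, step 4 of the report
        System.out.println(vulnerableOverrideExpr(input) + "  literal? "
                + isSingleStringLiteral(vulnerableOverrideExpr(input)));
        System.out.println(safeOverrideExpr(input) + "  literal? "
                + isSingleStringLiteral(safeOverrideExpr(input)));
    }
}
```

The same change applies to the two `fakeParams.put(...)` calls quoted from RepopulateConversionErrorFieldValidatorSupport, since they build the override value with the identical single-quote wrapping.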