Re: [ANN] [SECURITY] Announcing CVE-2019-0230 (Possible RCE) and CVE-2019-0233 (DoS) security issues

2020-08-13 Thread Dave Newton
On Thu, Aug 13, 2020 at 20:08 Zahid Rahman wrote:
> Maybe I misunderstand

Definitely a possibility.

--
em: davelnew...@gmail.com mo: 908-380-8699 tw: @dave_newton li: dave-newton gh: davelnewton

[ANN] [SECURITY] Announcing CVE-2019-0230 (Possible RCE) and CVE-2019-0233 (DoS) security issues

2020-08-13 Thread Rene Gielen
Two new Struts Security Bulletins have been issued for Struts 2 by the Apache Struts Security Team:

[1] S2-059 - Forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution (CVE-2019-0230)
[2] S2-060 - Access permission override causing a D

[GitHub] [struts-site] rgielen merged pull request #148: Add Announcement 202008

2020-08-13 Thread GitBox
rgielen merged pull request #148: URL: https://github.com/apache/struts-site/pull/148 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go t

[GitHub] [struts-site] rgielen opened a new pull request #148: Add Announcement 202008

2020-08-13 Thread GitBox
rgielen opened a new pull request #148: URL: https://github.com/apache/struts-site/pull/148 The PR adds a new announcement to the Struts site