Tag
ognl
Safeguard articles tagged "ognl" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Apache Struts (CVE-2017-5638) Explained: The OGNL Header That Breached Equifax
CVE-2017-5638 let attackers run commands on Apache Struts 2 servers through a crafted Content-Type header. It is the unpatched flaw behind the Equifax breach. Here is the OGNL mechanism.
Jul 2, 20265 min read
Industry Analysis
Expression Language Injection (ELI) in Java Applications
Expression language injection in Java has powered some of the decade's worst breaches, from Equifax to Confluence. Here's how OGNL and SpEL flaws actually get exploited.
Nov 8, 20257 min read