Safeguard
Tag

ognl-injection

Safeguard articles tagged "ognl-injection" — guides, analysis, and best practices for software supply chain and application security.

8 articles

Vulnerability Analysis

Confluence OGNL Injection (CVE-2022-26134) Explained

CVE-2022-26134 is a CVSS 9.8 unauthenticated OGNL injection in Atlassian Confluence, exploited as a zero-day before the patch. Here is how the flaw works and which versions fixed it.

Jul 5, 20266 min read
Vulnerability Analysis

Confluence CVE-2021-26084 Explained: The Webwork OGNL Injection RCE

CVE-2021-26084 is an unauthenticated OGNL injection in Confluence Server and Data Center that allows remote code execution, rated CVSS 9.8. Here is the timeline, root cause, detection, and patched versions.

Jul 5, 20265 min read
Vulnerability Analysis

Apache Struts remote code execution CVE history

A decade of Apache Struts RCEs — from Equifax's CVE-2017-5638 to 2024's file-upload bypass — traced through CVSS, EPSS, KEV, and fixes.

May 4, 20267 min read
Vulnerability Analysis

Apache Struts2 RCE behind the Equifax breach (CVE-2017-5638)

CVE-2017-5638, the Apache Struts2 RCE behind the Equifax breach, exposed 147.9M records. Here's the flaw, timeline, and how to remediate it.

Jan 19, 20267 min read
Vulnerability Analysis

Struts2 OGNL injection RCE (CVE-2018-11776)

CVE-2018-11776 lets remote attackers achieve full RCE in Apache Struts2 via OGNL injection in URL namespaces. Impact, timeline, and fixes inside.

Jan 18, 20267 min read
Vulnerability Analysis

CVE-2018-11776: Remote code execution in Apache Struts2 v...

CVE-2018-11776 lets attackers achieve unauthenticated RCE in Apache Struts2 via crafted namespace/OGNL injection. Affected versions, timeline, and fixes.

Oct 1, 20257 min read
Vulnerability Analysis

CVE-2019-0230: OGNL remote code execution in Apache Struts2

CVE-2019-0230 lets attackers chain forced double OGNL evaluation in Struts2 tag attributes into remote code execution. Here's what's affected, the CVSS/EPSS context, and how to remediate it.

Oct 1, 20258 min read
Vulnerability Analysis

CVE-2020-17530: Forced OGNL evaluation RCE in Apache Struts2

CVE-2020-17530 lets attackers achieve unauthenticated RCE in Apache Struts2 via forced OGNL evaluation. Here's the scope, timeline, and how to remediate it.

Sep 30, 20257 min read
ognl-injection — Safeguard Blog