Tag
struts2-ognl-rce
Safeguard articles tagged "struts2-ognl-rce" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
Struts2 OGNL injection RCE (CVE-2018-11776)
CVE-2018-11776 lets remote attackers achieve full RCE in Apache Struts2 via OGNL injection in URL namespaces. Impact, timeline, and fixes inside.
Jan 18, 20267 min read
Vulnerability Analysis
CVE-2019-0230: OGNL remote code execution in Apache Struts2
CVE-2019-0230 lets attackers chain forced double OGNL evaluation in Struts2 tag attributes into remote code execution. Here's what's affected, the CVSS/EPSS context, and how to remediate it.
Oct 1, 20258 min read