Apache Struts security advisory S2-009
Description
OGNL provides, among other features, extensive expression evaluation capabilities. The vulnerability allows a malicious user to bypass all the protections (regex pattern, deny method invocation) built into the ParametersInterceptor and thereby inject a malicious expression into any exposed string variable for further evaluation.
Affected Applications
Apache Struts