Apache Struts CVE-2016-3090 Input Validation Bypass Vulnerability
Description
TextParseUtil.translateVariablesevaluates a given String with OGNL. Before Struts 2.3.20, a specially crafted String incorporating ANTLR tooling can, when passed to said method, cause a remote code execution.
Affected Applications
Apache Struts