Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
{ "nvd_published_at": "2013-07-10T19:55:00Z", "cwe_ids": [ "CWE-94" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-11-03T22:54:13Z" }