The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
WW-4805 Blocks ognl access to class members of Spring proxy
by
Randy the Sloth 2017-06-20 10:44:58 UTC
commit 4c386c663cf094a6d40d90c56c5983e14d518c26
Struts
Fix
Spring proxy DoS CVE-2017-9787
core/src/main/java/com/opensymphony/xwork2/interceptor/ChainingInterceptor.java
+2
-2
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+2
-7
core/src/main/java/com/opensymphony/xwork2/util/ProxyUtil.java
+3
-109
core/src/test/java/com/opensymphony/xwork2/spring/ActionsFromSpringTest.java
-27
core/src/test/java/com/opensymphony/xwork2/spring/SpringProxyUtilTest.java
+14
-40
core/src/test/java/com/opensymphony/xwork2/spring/TestAspect.java
-5
core/src/test/resources/com/opensymphony/xwork2/spring/actionContext-xwork.xml
+1
-5
expand_less
The Vulnerability History Project