The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
Includes action: and method: as excluded patterns and drops class
by
Randy the Sloth 2015-04-29 19:35:04 UTC
commit 5649ff1ac5a04389e3a1c8aa47ad7673a66ed48f
Struts
VCC
Remote Manipulation of Struts CVE-2015-5209
VCC
OGNL Injection CVE-2016-3090
core/src/main/resources/struts-default.xml
+12
-4
core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
+1
-3
xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+10
-2
xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
+2
-5
xwork-core/src/test/resources/xwork-param-test.xml
+1
-2
expand_less
The Vulnerability History Project