The Vulnerability History Project
Vulnerabilities
Insights
Curate
Tags
All
Projects
CWEs
Languages
Lessons
Severities
Subsystems
More
News
Projects We Study
How to Contribute
By the Numbers
About Us
Toggle Theme
Warning: Our website does not support Internet Explorer, please use Edge instead.
Adds option to define additional accepted/excluded patterns
Also all patterns are by default case insensitive
by
Randy the Sloth 2014-06-01 08:33:39 UTC
commit 89cbe13853a849340d740d45685e6fd14da93d9b
Struts
VCC
Improper Input Validation CVE-2015-1831
core/src/main/java/org/apache/struts2/StrutsConstants.java
-3
core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java
-2
xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java
-3
xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsChecker.java
+10
-8
xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
+9
-19
xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultAcceptedPatternsCheckerTest.java
-56
xwork-core/src/test/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsCheckerTest.java
-56
expand_less
The Vulnerability History Project