Critical severity · CISA KEV · NVD Advisory · Published Dec 11, 2020 · Updated Oct 21, 2025
CVE-2020-17530
Description
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.struts:struts2-core (Maven) | >= 2.0.0, < 2.5.26 | 2.5.26 |
Affected products
- Apache Software Foundation/Apache Struts · v5 · Range: Struts 2.0.0 - Struts 2.5.25
References
- jvn.jp/en/jp/JVN43969166/index.html (ghsa, third-party-advisory, x_refsource_JVN, WEB)
- github.com/advisories/GHSA-jc35-q369-45pv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-17530 (ghsa, ADVISORY)
- packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html (ghsa, x_refsource_MISC, WEB)
- www.openwall.com/lists/oss-security/2022/04/12/6 (ghsa, mailing-list, x_refsource_MLIST, WEB)
- cwiki.apache.org/confluence/display/WW/S2-061 (ghsa, x_refsource_CONFIRM, WEB)
- security.netapp.com/advisory/ntap-20210115-0005 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20210115-0005/ (mitre, x_refsource_CONFIRM)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (ghsa, WEB)
- www.oracle.com//security-alerts/cpujul2021.html (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/security-alerts/cpuApr2021.html (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/security-alerts/cpuapr2022.html (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/security-alerts/cpujan2021.html (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/security-alerts/cpujan2022.html (ghsa, x_refsource_MISC, WEB)
- www.oracle.com/security-alerts/cpuoct2021.html (ghsa, x_refsource_MISC, WEB)