Apache Struts CSRF Vulnerability
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Dec 28, 2023
Package
Affected versions
>= 2.3.20, <= 2.3.28.1
Patched versions
2.3.29
Description
Published by the National Vulnerability Database
Jul 4, 2016
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Jul 31, 2023
Last updated
Dec 28, 2023
Credits
-
sunSUNQ Analyst
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
References