CVE-2014-0112 (High) detected in struts2-core-2.3.1.2.jar #16

mend-for-github-com · 2020-03-25T14:52:53Z

CVE-2014-0112 - High Severity Vulnerability

Vulnerable Library - struts2-core-2.3.1.2.jar

Apache Struts 2

Path to dependency file: /tmp/ws-scm/Struts2Example/pom.xml

Path to vulnerable library: 20200325141938/downloadResource_d50070f4-1279-48e5-8366-a2fcdc735d7c/20200325145151/struts2-core-2.3.1.2.jar

Dependency Hierarchy:

❌ struts2-core-2.3.1.2.jar (Vulnerable Library)

Found in HEAD commit: 20d7b6df1b42979ec0033b63405d552a70d92b0c

Vulnerability Details

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.

Publish Date: 2014-04-29

URL: CVE-2014-0112

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-0112

Release Date: 2014-04-29

Fix Resolution: 2.3.16.2

Check this box to open an automated fix PR

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 25, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2014-0112 (High) detected in struts2-core-2.3.1.2.jar #16

CVE-2014-0112 (High) detected in struts2-core-2.3.1.2.jar #16

mend-for-github-com bot commented Mar 25, 2020

CVE-2014-0112 (High) detected in struts2-core-2.3.1.2.jar #16

CVE-2014-0112 (High) detected in struts2-core-2.3.1.2.jar #16

Comments

mend-for-github-com bot commented Mar 25, 2020

CVE-2014-0112 - High Severity Vulnerability