Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 91.5%.
Code Injection
Apache
RCE
Struts
NVD
Exploit-DB
CVSS 2.0
9.3
EPSS
91.5%
Threat
6.1
{}" and "%{}" sequences, which causes the OGNL code to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 83.0%.
Code Injection
Apache
RCE
Struts
NVD
CVSS 2.0
9.3
EPSS
83.0%
Threat
4.4