Apache Struts security advisory S2-002

description-logoDescription

For both the and the tag, it is possible to inject parameter values that do not get escaped properly when the tag's resulting URLs are constructed and rendered. The following scenarios are known:

affected-products-logoAffected Applications

Apache Struts