CVE-2008-6504: Improper Input Validation

March 23, 2009 (updated August 16, 2017)

Remote attackers could execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a # representation for the # character.

References

struts.apache.org/release/2.2.x/docs/s2-003.html
web.archive.org/web/20111023074138/http://jira.opensymphony.com/browse/XW-641
fisheye6.atlassian.com/cru/CR-9/
issues.apache.org/jira/browse/WW-2692

Code Behaviors & Features

Detect and mitigate CVE-2008-6504 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →