CVE-2013-2248: Allows open redirects

July 19, 2013 (updated December 30, 2016)

Multiple open redirect vulnerabilities in this package allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the redirect: or redirectAction: prefix.

References

struts.apache.org/docs/s2-017.html

Code Behaviors & Features

Detect and mitigate CVE-2013-2248 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →