DescriptionIn Apache Struts 2.0.0 through 2.3.33 and 2.5 through, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[wheezy] - libstruts1.2-java <ignored> (Minor issue)
Only a problem if the application programmer has made a security mistake.

Search for package or bug name: Reporting problems