Apache Struts Information for VU#719225
Apache Struts2 ClassLoader allows access to class properties via request parameters
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 25 Apr 2014
A security fix release fully addressing this issue is in preparation and will be released as soon as possible.
Once the release is available, all Struts 2 users are strongly recommended to update their installations.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.