Bug 28083

Summary: struts security issue CVE-2020-17530
Product: Mageia
Reporter: Zombie Ryushu <zombie_ryushu>
Component: Security
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID
QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-17530
Whiteboard:
Source RPM: struts-1.3.10-19.mga7.src.rpm
CVE: CVE-2020-17530
Status comment:

Description Zombie Ryushu 2021-01-13 15:45:31 CET
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
Zombie Ryushu 2021-01-13 15:52:48 CET

CVE: (none) => CVE-2020-17530

Comment 1 David Walser 2021-01-13 17:47:46 CET
Clearly 1.3.10 is not between 2.0.0 and 2.5.25.

Resolution: (none) => INVALID
Status: NEW => RESOLVED