CVE-2016-3090
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2016-3090
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3090.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-3090
- Aliases
- Published
- 2017-10-30T14:29:00Z
- Modified
- 2025-04-20T03:18:31.893066Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
- References
Affected packages
Git / github.com/apache/struts
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/struts
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected