{"id":"CVE-2019-0230","details":"In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation, when applied to raw user input in tag attributes, may lead to remote code execution.","aliases":["GHSA-wp4h-pvgw-5727"],"modified":"2026-04-10T04:08:27.696863Z","published":"2020-09-14T17:15:09.933Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"},{"type":"ADVISORY","url":"https://cwiki.apache.org/confluence/display/ww/s2-059"},{"type":"REPORT","url":"https://launchpad.support.sap.com/#/notes/2982840"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/struts","events":[{"introduced":"2c0a197cea8fdc7d8cda5eeaa15a1c76507ac0a5"},{"last_affected":"96c38b27e432659bc1424b0f089dbf77ace961a2"}],"database_specific":{"versions":[{"introduced":"2.0.0"},{"last_affected":"2.5.20"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.23"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0230.json"}}],"schema_version":"1.7.5","severity":[
{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}