Posted to issues@struts.apache.org by "Maurizio Cucchiara (JIRA)" <ji...@apache.org> on 2011/09/05 17:00:12 UTC
[jira] [Closed] (WW-3668) Vulnerability: User input is evaluated as an OGNL expression when there's a conversion error.
[ https://issues.apache.org/jira/browse/WW-3668?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maurizio Cucchiara closed WW-3668.
----------------------------------
Resolution: Fixed
Fix Version/s: 2.2.3.1
Assignee: Maurizio Cucchiara
The 2.2.3.1 version is on the way
> Vulnerability: User input is evaluated as an OGNL expression when there's a conversion error.
> ---------------------------------------------------------------------------------------------
>
> Key: WW-3668
> URL: https://issues.apache.org/jira/browse/WW-3668
> Project: Struts 2
> Issue Type: Bug
> Components: Core Interceptors
> Affects Versions: 2.2.3
> Environment: Struts 2.2.3
> Tomcat 7.0.19
> Reporter: Hideyuki Suzumi
> Assignee: Maurizio Cucchiara
> Fix For: 2.2.3.1
>
>
> 1. Run "Struts Showcase".
> 2. Click "Validation".
> 3. Click "Field Validators".
> 4. Type "<' + #application + '>" in the "Integer Validator Field".
> 5. Click "Submit".
> 6. You can get all "application" scoped variables in the "Integer Validator Field".
> Please fix ConversionErrorInterceptor and RepopulateConversionErrorFieldValidatorSupport.
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor
> 87: return "'" + value + "'";
> com.opensymphony.xwork2.validator.validators.RepopulateConversionErrorFieldValidatorSupport
> 175: fakeParams.put(fullFieldName, "'" + tmpValue[0] + "'");
> 182: fakeParams.put(fullFieldName, "'" + tmpValue + "'");
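The three quoted lines splice the raw, unconvertible user value into an OGNL string literal by wrapping it in single quotes, so a value that itself contains a quote closes the literal early and whatever follows is parsed as expression code. The following is an added example, not XWork or Struts code: a small Python model of a single-quoted OGNL-style literal (assuming Java-style backslash escapes, which is what OGNL's parser accepts for string literals) that checks whether a generated override expression is still exactly one literal, placed beside an escaping version of the wrapper for contrast with the quoted `"'" + value + "'"`.

```python
# Added example (not XWork code): models the override expression built on the
# lines quoted in WW-3668 and checks whether it is still a single string literal.

def unsafe_override_expr(value: str) -> str:
    """Equivalent of the quoted line 87: "'" + value + "'" with no escaping."""
    return "'" + value + "'"


def escaped_override_expr(value: str) -> str:
    """Escape backslashes and single quotes so the value cannot close the literal.
    Assumes OGNL string literals accept Java-style backslash escapes."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def parse_single_literal(expr: str):
    """Return the decoded text if expr is exactly one single-quoted literal,
    else None (a closing quote with code after it, or no closing quote, fails).
    Only the \\' and \\\\ escapes matter here; other escapes are simplified to
    the escaped character itself."""
    if len(expr) < 2 or expr[0] != "'":
        return None
    out = []
    i = 1
    while i < len(expr):
        ch = expr[i]
        if ch == "\\" and i + 1 < len(expr):
            out.append(expr[i + 1])  # escaped character, taken literally
            i += 2
            continue
        if ch == "'":
            # closing quote: a literal only if nothing follows it
            return "".join(out) if i == len(expr) - 1 else None
        out.append(ch)
        i += 1
    return None  # unterminated literal


def repopulates_safely(value: str) -> bool:
    """True when the escaped expression is one literal that decodes back to value,
    i.e. the field is repopulated with the user's text rather than evaluated."""
    return parse_single_literal(escaped_override_expr(value)) == value
```

Running the reporter's step-4 input through `unsafe_override_expr` yields `'' + #application + ''`, which the check rejects as not being a single literal, while the escaped form decodes back to the original text.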