You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2018/08/27 11:47:00 UTC
[jira] [Commented] (STR-3225) Want confiramtion CVE: CVE-2018-11776
vulnerability is also impacted Struts1.x ?
[ https://issues.apache.org/jira/browse/STR-3225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16593548#comment-16593548 ]
Lukasz Lenart commented on STR-3225:
------------------------------------
Struts 1 is EOL and we do not perform any tests against this version. In theory this version should not be impacted as it doesn't relay on OGNL.
> Want confiramtion CVE: CVE-2018-11776 vulnerability is also impacted Struts1.x ?
> ---------------------------------------------------------------------------------
>
> Key: STR-3225
> URL: https://issues.apache.org/jira/browse/STR-3225
> Project: Struts 1
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.3.10
> Environment: Linux + Apache tomcat 9.0.5+ struts 1.3.10
> Reporter: sushil
> Priority: Major
> Fix For: Pending Review
>
>
> Our Product released stop because Struts is impacted of CVE-2018-11776 .So we need confirmation is also impacted struts 1.3.10 if so do we have any workaround for same.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)