You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Raintung Li (JIRA)" <ji...@apache.org> on 2016/06/17 03:50:05 UTC
[jira] [Created] (WW-4647) Security: OGNL can change the
MemberAccess in OGNLContext
Raintung Li created WW-4647:
-------------------------------
Summary: Security: OGNL can change the MemberAccess in OGNLContext
Key: WW-4647
URL: https://issues.apache.org/jira/browse/WW-4647
Project: Struts 2
Issue Type: Bug
Components: Core Actions
Affects Versions: 2.3.20
Reporter: Raintung Li
Priority: Critical
OGNL example:
S2-029 leak:
#_memberAccess.excludedClasses=#{}.keySet()
But can direct change the _memberAccess in the OGNLContext
#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS
woo.. it can round the SecurityMemberAccess.isAccessible checking, because it change the OGNLContext member that NOT check the accessible.
Struts should be self extend the OGNLContent to make OGNLContect safe.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)