Apache Struts vulnerable to possible DoS attack when using URLValidator
Moderate severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Jan 4, 2024
Package
Affected versions
>= 2.5.0, < 2.5.13
Patched versions
2.5.13
Description
Published by the National Vulnerability Database
Sep 20, 2017
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Nov 3, 2022
Last updated
Jan 4, 2024
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
References