advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-2ppp-xj34-vvf7] Apache Struts's CookieInterceptor component does not use the parameter-name whitelist

Open MarkLee131 opened this issue 1 year ago • 1 comments

Updates

  • Affected products
  • References

Comments add a patch commit for it:https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58. the commit-msg shows WW-3729 - Improves Strict DMI mode

MarkLee131 avatar Mar 03 '24 08:03 MarkLee131

Hey @MarkLee131, not sure I follow on this one. The tags on the commit seem to mismatch with the fixed version of the package.

darakian avatar Mar 05 '24 19:03 darakian

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Mar 21 '24 00:03 taladrane

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

taladrane avatar Apr 06 '24 00:04 taladrane