CVE-2019-0230: struts2: possible RCE due to forced double OGNL evaluation when evaluated on raw user input in tag attributes

Severity: Critical

CVSS Score: 9.8

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.