CVE-2020-17530: struts2: using forced OGNL evaluation on untrusted user input can lead to a RCE and security degradation

Severity: Critical

CVSS Score: 9.8

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.