The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to “compromise internal state of an application” via unspecified vectors.
The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to “compromise internal state of an application” via unspecified vectors.