Re: [Full-disclosure] [ANN] Struts 2.3.16.1 GA release available - security fix

Lukasz Lenart Thu, 06 Mar 2014 09:08:37 -0800

No, rather no. You gain access to ClassLoader.

2014-03-06 16:43 GMT+01:00 Tim <[email protected]>:
>
>> This release includes important security fixes:
>> - S2-020 - ClassLoader manipulation via request parameters
>
> What is the ultimate impact of this manipulation?  Another RCE bug?
>
> tim


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [Full-disclosure] [ANN] Struts 2.3.16.1 GA release available - security fix

Reply via email to