2020Äê12ÔÂ8ÈÕ�£¬£¬¹ú¼ÒÐÅÏ¢Çå¾²Îó²î¹²Ïíƽ̨£¨CNVD£©ÊÕ¼ÁËApache Struts2 Ô¶³Ì´úÂëÖ´ÐÐÎó²î£¨CNVD-2020-69833�£¬£¬¶ÔÓ¦CVE-2020-17530£©�¡�£¡£¹¥»÷ÕßʹÓøÃÎó²î�£¬£¬¿ÉÔÚδÊÚȨµÄÇéÐÎÏÂÔ¶³ÌÖ´ÐдúÂë�¡�£¡£ÏÖÔÚ�£¬£¬Îó²îϸ½ÚÒѹ«¿ª�£¬£¬³§ÉÌÒÑÐû²¼Éý¼¶°æ±¾ÐÞ¸´´ËÎó²î�¡�£¡£
Ò»¡¢�¡¢¡¢Îó²îÇéÐÎÆÊÎö
Struts2Êǵڶþ´ú»ùÓÚModel-View-Controller£¨MVC£©Ä£×ÓµÄjavaÆóÒµ¼¶webÓ¦Óÿò¼Ü�£¬£¬³ÉΪº£ÄÚÍâ½ÏΪʢÐеÄÈÝÆ÷Èí¼þÖÐÐļþ�¡�£¡£
2020Äê12ÔÂ8ÈÕ�£¬£¬Apache Strust2Ðû²¼×îÐÂÇ徲ͨ¸æ�£¬£¬Apache Struts2±£´æÔ¶³Ì´úÂëÖ´ÐеĸßΣÎó²î£¨CVE-2020-17530£©�¡�£¡£ÓÉÓÚStruts2»á¶ÔһЩ±êÇ©ÊôÐÔµÄÊôÐÔÖµ¾ÙÐжþ´ÎÆÊÎö�£¬£¬µ±ÕâЩ±êÇ©ÊôÐÔʹÓÃÁË `%{x}` ÇÒ `x` µÄÖµÓû§¿É¿Øʱ�£¬£¬¹¥»÷ÕßʹÓøÃÎó²î�£¬£¬¿Éͨ¹ý½á¹¹Ìض¨²ÎÊý�£¬£¬»ñµÃÄ¿µÄ·þÎñÆ÷µÄȨÏÞ�£¬£¬ÊµÏÖÔ¶³Ì´úÂëÖ´Ðй¥»÷�¡�£¡£
CNVD¶Ô¸ÃÎó²îµÄ×ÛºÏÆÀ¼¶Îª¡°¸ßÎ�£¡±�¡�£¡£
¶þ¡¢�¡¢¡¢Îó²îÓ°Ïì¹æÄ£
Îó²îÓ°ÏìµÄ²úÆ·°æ±¾°üÀ¨�£º
Struts 2.0.0-2.5.25
Èý¡¢�¡¢¡¢Îó²î´¦Àí½¨Òé
¾×ÛºÏÊÖÒÕÑÐÅÐ�£¬£¬¸ÃÎó²îµÄʹÓÃÌõ¼þ½Ï¸ß�£¬£¬ÄÑÒÔ¾ÙÐдó¹æģʹÓÃ�¡�£¡£Apache¹«Ë¾ÒÑÐû²¼ÁËа汾£¨2.5.26£©ÐÞ¸´Á˸ÃÎó²î�£¬£¬CNVD½¨ÒéÓû§ÊµÊ±Éý¼¶ÖÁ×îа汾�£º
https://cwiki.apache.org/confluence/display/WW/S2-061
¸½�£º²Î¿¼Á´½Ó�£º
https://cwiki.apache.org/confluence/display/WW/S2-061
