Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Can I update only Struts on a Crowd 4.2 server due to CVE-2020-17530?

Chris Hardie January 22, 2021

It seems Crowd 4.2 uses Struts version 2.5.17 and CVE-2020-17530 states that anything less that 2.5.26 is vulnerable to remote code execution attacks. I do not know if forced OGNL evaluation is used or not but I am being told to update. Is there a documented way to update Struts only on Crowd servers?

0 answers

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events