Contrast Labs: Apache Struts CVE-2020-17530

On December 8, 2020, Apache published a security bulletin providing details for CVE-2020-17530, a forced double Object-Graph Navigation Language (OGNL) evaluation vulnerability in Apache Struts 2.0.0 to 2.5.25 that provides attackers arbitrary remote execution capabilities on a victim’s server. Using the corresponding proof of concept (POC), Contrast Labs was able ... Read More

DevSecOps Poll

Step 1 of 6

What is the biggest roadblock implementing DevSecOps practices?