← Back to team overview

dhis2-devs team mailing list archive

CVE-2018-11776 struts exploit | impact to DHIS 2?


DHIS2 Dev Team,

Can you comment on the recent CVE-2018-11776<https://cwiki.apache.org/confluence/display/WW/S2-057> vulnerability in Struts 2.0 being contained in DHIS 2 (specially Version 2.25).  I did not see any recent threads about this on DHIS 2 DEV or USERS mailing lists.

Additional details on the vulnerability (and patch from Apache) is available here:  https://krebsonsecurity.com/2018/08/experts-urge-rapid-patching-of-struts-bug/?_ke=eyJrbF9lbWFpbCI6ICJtYXR0aGV3LmRvbGxhY2tlckBnbWFpbC5jb20iLCAia2xfY29tcGFueV9pZCI6ICJlN1lDM3UifQ%3D%3D

Many thanks in advance,

Follow ups