CVE-2021-31805— Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-31805
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.
Source: NVD (National Vulnerability Database)
Vulnerability Description
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
表达式语言语句中使用的特殊元素转义处理不恰当(表达式语言注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Struts 2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Struts 2是美国阿帕奇(Apache)基金会的一个用于开发Java EE网络应用程序的开放源代码网页应用程序架构。 Apache Struts 2.0.0版本至2.5.29版本存在安全漏洞,该漏洞源于对不受信任的用户输入在标签属性中使用强制 OGNL 评估。攻击者可利用该漏洞进行远程代码执行并导致安全性降低。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Struts | 2.0.0 to 2.5.29 | - |
II. Public POCs for CVE-2021-31805
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | 远程代码执行S2-062 CVE-2021-31805验证POC | https://github.com/pyroxenites/s2-062 | POC Details |
| 2 | S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE | https://github.com/Wrin9/CVE-2021-31805 | POC Details |
| 3 | Apache Struts2 S2-062远程代码执行漏洞(CVE-2021-31805) | 反弹Shell | https://github.com/Axx8/Struts2_S2-062_CVE-2021-31805 | POC Details |
| 4 | Apache Struts2 S2-062远程代码执行漏洞(CVE-2021-31805) 支持批量扫描漏洞及漏洞利用 | https://github.com/jax7sec/S2-062 | POC Details |
| 5 | PoC for CVE-2021-31805 (Apache Struts2) | https://github.com/aeyesec/CVE-2021-31805 | POC Details |
| 6 | Apache Struts2 S2-062(CVE-2021-31805)远程代码执行批量检测(无利用) | https://github.com/fleabane1/CVE-2021-31805-POC | POC Details |
| 7 | S2-061/S2-062 Struts2 远程命令执行漏洞 POC&EXP | https://github.com/z92g/CVE-2021-31805 | POC Details |
| 8 | Vulnerable environment of CVE-2021-31805 (S2-062) for testing | https://github.com/nth347/CVE-2021-31805 | POC Details |
| 9 | Apache Struts2 S2-062 is vulnerable to remote code execution. The fix issued for CVE-2020-17530 (S2-061) was incomplete, meaning some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-31805.yaml | POC Details |
| 10 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Struts2%20S2-062%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2021-31805.md | POC Details |
| 11 | Apache Struts2 S2-062远程代码执行漏洞(CVE-2021-31805) | 反弹Shell | https://github.com/SecNN/Struts2_S2-062_CVE-2021-31805 | POC Details |
| 12 | Apache Struts2 S2-062(CVE-2021-31805)远程代码执行批量检测(无利用) | https://github.com/JordanANDJohn/CVE-2021-31805-POC | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-31805
请登录查看更多情报信息。
- https://cwiki.apache.org/confluence/display/WW/S2-062x_refsource_MISC
- https://security.netapp.com/advisory/ntap-20220420-0001/x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-31805
Same Patch Batch · Apache Software Foundation · 2022-04-12 · 3 CVEs total
| CVE-2021-28544 | Apache Subversion SVN authz protected copyfrom paths regression | |
| CVE-2022-24070 | Apache Subversion mod_dav_svn is vulnerable to memory corruption |
IV. Related Vulnerabilities
Same product: Apache Struts
- CVE-2025-68493
Apache Struts, Apache Struts: XXE vulnerability in outdated - CVE-2025-66675
Apache Struts: File leak in multipart request processing cau - CVE-2025-64775
Apache Struts: File leak in multipart request processing cau - CVE-2024-53677
Apache Struts: Mixing setters for uploaded files and normal - CVE-2023-50164
Apache Struts: File upload component had a directory travers
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-917
- CVE-2026-41705
Spring AI MilvusVectorStore 注入漏洞影响 1.0.x-1.1.x - CVE-2026-41883
OmniFaces: EL injection via crafted resource name in wildcar - CVE-2026-42811
Apache Polaris: could broaden vended GCS credentials through - CVE-2026-40478
Improper neutralization of specific syntax patterns for unau - CVE-2026-40477
Improper restriction of the scope of accessible objects in T
V. Comments for CVE-2021-31805
No comments yet