The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this can lead to remote code execution. This vulnerability is application dependant. A server side template must make an affected use of request data to render an HTML tag attribute.
3cfe28296a3b91c815100d9996280537326adc728304ac8036ea7dcb8ca37586
Apache Struts version 2.5.20 double OGNL evaluation exploit.
629df1d936ad8b71638e45b5784ce50f83296d25ceb3b4dc54087062f33fe607