From 218ea68c1b1a63b197817ececf6d64adc7d6686d Mon Sep 17 00:00:00 2001 From: fanyunpeng Date: Thu, 16 Mar 2023 09:13:06 +0000 Subject: [PATCH] add cve/apache-Struts/2019/yaml/CVE-2019-0230.yaml. Signed-off-by: fanyunpeng --- .../2019/yaml/CVE-2019-0230.yaml | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 cve/apache-Struts/2019/yaml/CVE-2019-0230.yaml diff --git a/cve/apache-Struts/2019/yaml/CVE-2019-0230.yaml b/cve/apache-Struts/2019/yaml/CVE-2019-0230.yaml new file mode 100644 index 00000000..e1e4a6e8 --- /dev/null +++ b/cve/apache-Struts/2019/yaml/CVE-2019-0230.yaml @@ -0,0 +1,24 @@ +id: CVE-2019-0230 +source: https://www.exploit-db.com/exploits/49068 +info: + name: Apache Struts是一个用于构建基于Java的web应用程序的模型-视图-控制器(MVC)框架。 + severity: critical + description: + Apache Struts框架, 会对某些特定的标签的属性值,比如id属性进行二次解析,所以攻击者可以传递将在呈现标签属性时再次解析OGNL表达式,造成OGNL表达式注入。从而可能造成远程执行代码。 + scope-of-influence: + Struts 2.0.0 - Struts 2.5.20 + reference: + - http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html + - https://cwiki.apache.org/confluence/display/ww/s2-059 + - http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html + - https://launchpad.support.sap.com/#/notes/2982840 + - https://www.oracle.com/security-alerts/cpuApr2021.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2019-0230 + cwe-id: CWE-1321 + cnvd-id: None + kve-id: None + tags: + - 远程命令执行
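Review bot: the `name` field in this hunk describes the product (Apache Struts as an MVC framework for Java web applications) rather than naming the vulnerability, while the actual issue the entry records, double evaluation of OGNL expressions in tag attributes (S2-059, per the `reference` list), appears only in `description`; suggest putting a short vulnerability title in `name`, for example `name: Apache Struts 2 double OGNL evaluation (S2-059)`, so the entry can be found by what it documents. Two smaller points: `cnvd-id: None` and `kve-id: None` are parsed as the string "None" rather than a null value, so either use `null` or omit the keys; and `description:` and `scope-of-influence:` rely on multi-line plain scalars, which will stop parsing if a later edit introduces `: ` or ` #` in the text, so a `|` or `>` block scalar would be more robust.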