Name of the Vulnerable Software and Affected Versions:
Apache Struts Extras versions prior to 2
Description:
This issue involves improper output neutralization for logs in Apache Struts Extras. When using LookupDispatchAction, untrusted input may be printed to logs without filtering. This can lead to log output where part of the message appears as a separate log line, potentially confusing log consumers. The project is retired and will not receive a fix for this issue.
Recommendations:
Users are recommended to find an alternative or restrict access to the instance to trusted users.
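
The output neutralization the description refers to can be applied at the logging layer, so that a record stays on one physical line whatever value reaches it. The following is an added example, not code from Apache Struts or from this advisory. It assumes the application's logging is backed by java.util.logging; the class name, logger name and sample parameter value are hypothetical and constructed for illustration.

```java
import java.util.logging.Formatter;
import java.util.logging.Level;
import java.util.logging.LogRecord;

/** Added example: log formatter that keeps every record on one physical line. */
public class NeutralizingFormatter extends Formatter {

    /** Replace CR, LF and other control characters with visible escapes. */
    static String neutralize(String s) {
        if (s == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\\') {
                out.append("\\\\");   // escape the escape character so output is unambiguous
            } else if (c == '\r') {
                out.append("\\r");
            } else if (c == '\n') {
                out.append("\\n");
            } else if (Character.isISOControl(c) || c == 0x2028 || c == 0x2029) {
                // Other control characters and Unicode line/paragraph separators
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    @Override
    public String format(LogRecord record) {
        // formatMessage() expands {0}-style parameters first, so values passed
        // as parameters are neutralized along with the message text itself.
        String msg = neutralize(formatMessage(record));
        return record.getLevel() + " " + record.getLoggerName() + " - " + msg
                + System.lineSeparator();
    }

    public static void main(String[] args) {
        // Constructed sample: a request parameter value carrying a line break.
        String param = "Save\r\nINFO audit - constructed second line";
        LogRecord rec = new LogRecord(Level.WARNING, "no handler mapped for value {0}");
        rec.setParameters(new Object[] { param });
        rec.setLoggerName("example.dispatch");
        System.out.print(new NeutralizingFormatter().format(rec));
    }
}
```

With the formatter installed on the log handlers, the line break in the value is written as the literal text `\r\n` inside a single record, so log consumers see one entry instead of two.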