Loading
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
Use CWE-20, Apache vendor hub and Struts product page to widen CVE-2017-12611 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2020-17530, CVE-2023-50164 and CVE-2021-31805 for nearby disclosures in the same product family.