ZAST.AI discovered a high-severity XXE vulnerability in XWork-Core that allows threat actors to steal files and trigger SSRF.
The flaw was hidden in DomHelper's unconfigured SAX parser.
⚡ Discovered by ZAST.ai AI Agent, proving once again that AI-driven logic beats pattern matching.
Patch immediately (Struts2 <= 6.0.3)!
Vulnerability reports: https://cwiki.apache.org/confluence/display/WW/S2-069

