- What is the severity of CVE-2021-36739?
- CVE-2021-36739 has been scored as a medium severity vulnerability.
- How to fix CVE-2021-36739?
- As a workaround for remediating CVE-2021-36739: If a project was generated from the affected maven archetype using a command like the following: mvn archetype:generate \ -DarchetypeGroupId=org.apache.portals.pluto.archetype \ -DarchetypeArtifactId=mvcbean-jsp-portlet-archetype \ -DarchetypeVersion=3.1.0 \ -DgroupId=com.mycompany \ -DartifactId=com.mycompany.my.mvcbean.jsp.portlet Then developers must fix the generated greeting.jspx file by escaping the rendered values submitted to the "First Name" and "Last Name" fields. For example, change: ${user.firstName} ${user.lastName}! To: ${mvc.encoders.html(user.firstName)} ${mvc.encoders.html(user.lastName)}! Moving forward, all such projects should be generated from version 3.1.1 of the Maven archetype.
- Is CVE-2021-36739 being actively exploited in the wild?
- It is possible that CVE-2021-36739 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~16% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2021-36739?
- CVE-2021-36739 affects Apache Software Foundation Apache Portals.