This is part of the vulnerability report. I cannot find any reference to Struts in the source files. Has anyone come across this issue with their Totara servers?
Example: ~/moodle/lib/requirejs.php/1485535864/core/c.top+c.height/2-e/%24%7B%23foo%3D%27j%27%2C%23foo%7D.deferreddo
CVSS: 9.0
Impact/Prob: High/High
OGNL Double Evaluation Remote Code Execution
Struts2 is an open-source web application framework for Java. Struts2 (v2.0.0 -
2.3.15) is vulnerable to remote OGNL injection which leads to arbitrary Java
method execution on the target server. This is caused by insecure handling of
prefixed special parameters (action:, redirect: and redirectAction:) in the
DefaultActionMapper class of Struts2.
1.1. OGNL Double Evaluation Remote Code Execution
CVSS Score: 9.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Impact/Probability: High/High
here')}.action
1.1.1. Remediation
Upgrade Struts to the latest release
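
Added example (not part of the original post or the scanner report): a small Python log check that URL-decodes request targets and flags the OGNL expression syntax and the `action:`, `redirect:` and `redirectAction:` prefixes the report describes, to see where such scanner probes hit a server. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Prefixed special parameters named in the report.
PREFIXES = ("action:", "redirect:", "redirectAction:")
# OGNL expression wrapper, ${...} or %{...}, containing a #variable reference.
OGNL_EXPR = re.compile(r"[$%]\{[^}]*#\w+[^}]*\}")
# Request target in a combined-log-format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded probes are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return the reasons a request target looks like a Struts OGNL probe."""
    reasons = []
    if OGNL_EXPR.search(decode_fully(target)):
        reasons.append("ognl-expression")
    _, _, query = target.partition("?")
    for raw in query.split("&"):
        param = decode_fully(raw)
        if param.startswith(PREFIXES):
            reasons.append("special-prefix:" + param.split(":", 1)[0])
    return reasons

def scan(lines):
    """Yield (target, reasons) for every log line that matches."""
    for line in lines:
        m = REQUEST.search(line)
        reasons = classify(m.group(1)) if m else []
        if reasons:
            yield m.group(1), reasons

# Constructed sample log lines; the first path is adapted from the report's example.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2017:00:00:00 +0000] "GET /moodle/lib/requirejs.php/1485535864/core/c.top+c.height/2-e/%24%7B%23foo%3D%27j%27%2C%23foo%7D.deferreddo HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2017:00:00:01 +0000] "GET /moodle/index.php?redirect:%24%7B%23a%3D1%7D HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2017:00:00:02 +0000] "GET /moodle/lib/requirejs.php/1485535864/core/first.js HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE_LOG):
        print(reasons, decode_fully(target))
```

A match shows only that a probe of this shape was sent to the server, not that anything on the server evaluated it.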