pkg:maven/org.apache.struts.xwork/xwork-core
Type
maven
Namespace
org.apache.struts.xwork
Name
xwork-core
Known advisories, vulnerabilities and fixes for org.apache.struts.xwork/xwork-core package.
High
9
Moderate
6
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 2.2.3.1 |
CVE-2012-0392
|
 MAVEN:GHSA-2PPP-XJ34-VVF7
|
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
| Fixed | = 2.2.3.1 |
CVE-2012-0392
|
MAVEN:GHSA-2PPP-XJ34-VVF7
|
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
| Affected | >= 2.3.20, <= 2.3.28.1 |
CVE-2016-4430
|
MAVEN:GHSA-38QW-J787-V8C2
|
Apache Struts CSRF Vulnerability | high |
2022-05-17T00:29:27
(2 years ago) |
|
| Fixed | = 2.3.29 |
CVE-2016-4430
|
MAVEN:GHSA-38QW-J787-V8C2
|
Apache Struts CSRF Vulnerability | high |
2022-05-17T00:29:27
(2 years ago) |
|
| Affected | < 2.2.3.1 |
CVE-2012-0391
|
MAVEN:GHSA-4WRR-9H5R-M92W
|
Apache Struts Remote Java Code Execution | high |
2022-05-04T00:29:43
(2 years ago) |
|
| Fixed | = 2.2.3.1 |
CVE-2012-0391
|
MAVEN:GHSA-4WRR-9H5R-M92W
|
Apache Struts Remote Java Code Execution | high |
2022-05-04T00:29:43
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.3.14.2 |
CVE-2013-1966
|
MAVEN:GHSA-737W-MH58-CXJP
|
Arbitrary code execution in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
| Fixed | = 2.3.14.2 |
CVE-2013-1966
|
MAVEN:GHSA-737W-MH58-CXJP
|
Arbitrary code execution in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.3.14.2 |
CVE-2013-2115
|
MAVEN:GHSA-7GHM-RPC7-P7G5
|
Code injection in Apache Struts | high |
2022-05-13T01:16:08
(2 years ago) |
|
| Fixed | = 2.3.14.2 |
CVE-2013-2115
|
MAVEN:GHSA-7GHM-RPC7-P7G5
|
Code injection in Apache Struts | high |
2022-05-13T01:16:08
(2 years ago) |
|
| Affected | < 2.2.2 |
CVE-2011-2088
|
MAVEN:GHSA-9CCM-G362-2R35
|
XWork in Apache Struts Reveals Sensitive Information | moderate |
2022-05-14T02:55:17
(2 years ago) |
|
| Fixed | = 2.2.2 |
CVE-2011-2088
|
MAVEN:GHSA-9CCM-G362-2R35
|
XWork in Apache Struts Reveals Sensitive Information | moderate |
2022-05-14T02:55:17
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.3.14.3 |
CVE-2013-2134
|
MAVEN:GHSA-GQQM-564F-VVXQ
|
Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:02
(2 years ago) |
|
| Fixed | = 2.3.14.3 |
CVE-2013-2134
|
MAVEN:GHSA-GQQM-564F-VVXQ
|
Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:02
(2 years ago) |
|
| Affected | < 2.3.18 |
CVE-2012-0394
|
MAVEN:GHSA-HMVJ-GC9Q-MG9P
|
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
| Fixed | = 2.3.18 |
CVE-2012-0394
|
MAVEN:GHSA-HMVJ-GC9Q-MG9P
|
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.3.4.1 |
CVE-2012-4387
|
MAVEN:GHSA-HRGC-54MV-58GV
|
Denial of service in Apache Struts | moderate |
2022-05-17T01:42:17
(2 years ago) |
|
| Fixed | = 2.3.4.1 |
CVE-2012-4387
|
MAVEN:GHSA-HRGC-54MV-58GV
|
Denial of service in Apache Struts | moderate |
2022-05-17T01:42:17
(2 years ago) |
|
| Affected | < 2.2.3.1 |
CVE-2012-0393
|
MAVEN:GHSA-HXQQ-W4MR-MC62
|
Apache Struts's ParameterInterceptor component does not prevent access to public constructors | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
| Fixed | = 2.2.3.1 |
CVE-2012-0393
|
MAVEN:GHSA-HXQQ-W4MR-MC62
|
Apache Struts's ParameterInterceptor component does not prevent access to public constructors | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
| Affected | < 2.2.3.1 |
CVE-2012-0838
|
MAVEN:GHSA-MWRX-HX6X-3HHV
|
Apache Struts Code injection due to conversion error | high |
2022-05-14T01:51:59
(2 years ago) |
|
| Fixed | = 2.2.3.1 |
CVE-2012-0838
|
MAVEN:GHSA-MWRX-HX6X-3HHV
|
Apache Struts Code injection due to conversion error | high |
2022-05-14T01:51:59
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.3.14.3 |
CVE-2013-2135
|
MAVEN:GHSA-PW8R-X2QM-3H5M
|
Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:01
(2 years ago) |
|
| Fixed | = 2.3.14.3 |
CVE-2013-2135
|
MAVEN:GHSA-PW8R-X2QM-3H5M
|
Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:01
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.3.20.1 |
CVE-2015-1831
|
MAVEN:GHSA-Q2CG-XF9P-H457
|
Incomplete exclude pattern in Apache Struts | high |
2022-05-17T00:50:08
(2 years ago) |
|
| Fixed | = 2.3.20.1 |
CVE-2015-1831
|
MAVEN:GHSA-Q2CG-XF9P-H457
|
Incomplete exclude pattern in Apache Struts | high |
2022-05-17T00:50:08
(2 years ago) |
|
| Affected | >= 2.0.0, < 2.3.16.2 |
CVE-2014-0094
|
MAVEN:GHSA-VRWC-QJMW-5RJM
|
ClassLoader manipulation in Apache Struts | moderate |
2022-05-14T00:54:15
(2 years ago) |
|
| Fixed | = 2.3.16.2 |
CVE-2014-0094
|
MAVEN:GHSA-VRWC-QJMW-5RJM
|
ClassLoader manipulation in Apache Struts | moderate |
2022-05-14T00:54:15
(2 years ago) |
|
| Affected | >= 2.3.20, <= 2.3.28.1 |
CVE-2016-4433
|
MAVEN:GHSA-WM8W-QP2F-728Q
|
Apache Struts Open Redirect | high |
2022-05-17T02:16:00
(2 years ago) |
|
| Fixed | = 2.3.29 |
CVE-2016-4433
|
MAVEN:GHSA-WM8W-QP2F-728Q
|
Apache Struts Open Redirect | high |
2022-05-17T02:16:00
(2 years ago) |