pkg:maven/org.apache.struts.xwork/xwork-core
Type
maven
Namespace
org.apache.struts.xwork
Name
xwork-core
Known advisories, vulnerabilities and fixes for org.apache.struts.xwork/xwork-core package.
High
9
Moderate
6
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 2.2.3.1 |
CVE-2012-0392
|
MAVEN:GHSA-2PPP-XJ34-VVF7 | Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0392
|
MAVEN:GHSA-2PPP-XJ34-VVF7 | Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Affected | >= 2.3.20, <= 2.3.28.1 |
CVE-2016-4430
|
MAVEN:GHSA-38QW-J787-V8C2 | Apache Struts CSRF Vulnerability | high |
2022-05-17T00:29:27
(2 years ago) |
|
Fixed | = 2.3.29 |
CVE-2016-4430
|
MAVEN:GHSA-38QW-J787-V8C2 | Apache Struts CSRF Vulnerability | high |
2022-05-17T00:29:27
(2 years ago) |
|
Affected | < 2.2.3.1 |
CVE-2012-0391
|
MAVEN:GHSA-4WRR-9H5R-M92W | Apache Struts Remote Java Code Execution | high |
2022-05-04T00:29:43
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0391
|
MAVEN:GHSA-4WRR-9H5R-M92W | Apache Struts Remote Java Code Execution | high |
2022-05-04T00:29:43
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.14.2 |
CVE-2013-1966
|
MAVEN:GHSA-737W-MH58-CXJP | Arbitrary code execution in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Fixed | = 2.3.14.2 |
CVE-2013-1966
|
MAVEN:GHSA-737W-MH58-CXJP | Arbitrary code execution in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.14.2 |
CVE-2013-2115
|
MAVEN:GHSA-7GHM-RPC7-P7G5 | Code injection in Apache Struts | high |
2022-05-13T01:16:08
(2 years ago) |
|
Fixed | = 2.3.14.2 |
CVE-2013-2115
|
MAVEN:GHSA-7GHM-RPC7-P7G5 | Code injection in Apache Struts | high |
2022-05-13T01:16:08
(2 years ago) |
|
Affected | < 2.2.2 |
CVE-2011-2088
|
MAVEN:GHSA-9CCM-G362-2R35 | XWork in Apache Struts Reveals Sensitive Information | moderate |
2022-05-14T02:55:17
(2 years ago) |
|
Fixed | = 2.2.2 |
CVE-2011-2088
|
MAVEN:GHSA-9CCM-G362-2R35 | XWork in Apache Struts Reveals Sensitive Information | moderate |
2022-05-14T02:55:17
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.14.3 |
CVE-2013-2134
|
MAVEN:GHSA-GQQM-564F-VVXQ | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:02
(2 years ago) |
|
Fixed | = 2.3.14.3 |
CVE-2013-2134
|
MAVEN:GHSA-GQQM-564F-VVXQ | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:02
(2 years ago) |
|
Affected | < 2.3.18 |
CVE-2012-0394
|
MAVEN:GHSA-HMVJ-GC9Q-MG9P | Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Fixed | = 2.3.18 |
CVE-2012-0394
|
MAVEN:GHSA-HMVJ-GC9Q-MG9P | Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.4.1 |
CVE-2012-4387
|
MAVEN:GHSA-HRGC-54MV-58GV | Denial of service in Apache Struts | moderate |
2022-05-17T01:42:17
(2 years ago) |
|
Fixed | = 2.3.4.1 |
CVE-2012-4387
|
MAVEN:GHSA-HRGC-54MV-58GV | Denial of service in Apache Struts | moderate |
2022-05-17T01:42:17
(2 years ago) |
|
Affected | < 2.2.3.1 |
CVE-2012-0393
|
MAVEN:GHSA-HXQQ-W4MR-MC62 | Apache Struts's ParameterInterceptor component does not prevent access to public constructors | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0393
|
MAVEN:GHSA-HXQQ-W4MR-MC62 | Apache Struts's ParameterInterceptor component does not prevent access to public constructors | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Affected | < 2.2.3.1 |
CVE-2012-0838
|
MAVEN:GHSA-MWRX-HX6X-3HHV | Apache Struts Code injection due to conversion error | high |
2022-05-14T01:51:59
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0838
|
MAVEN:GHSA-MWRX-HX6X-3HHV | Apache Struts Code injection due to conversion error | high |
2022-05-14T01:51:59
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.14.3 |
CVE-2013-2135
|
MAVEN:GHSA-PW8R-X2QM-3H5M | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:01
(2 years ago) |
|
Fixed | = 2.3.14.3 |
CVE-2013-2135
|
MAVEN:GHSA-PW8R-X2QM-3H5M | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:01
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.20.1 |
CVE-2015-1831
|
MAVEN:GHSA-Q2CG-XF9P-H457 | Incomplete exclude pattern in Apache Struts | high |
2022-05-17T00:50:08
(2 years ago) |
|
Fixed | = 2.3.20.1 |
CVE-2015-1831
|
MAVEN:GHSA-Q2CG-XF9P-H457 | Incomplete exclude pattern in Apache Struts | high |
2022-05-17T00:50:08
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.16.2 |
CVE-2014-0094
|
MAVEN:GHSA-VRWC-QJMW-5RJM | ClassLoader manipulation in Apache Struts | moderate |
2022-05-14T00:54:15
(2 years ago) |
|
Fixed | = 2.3.16.2 |
CVE-2014-0094
|
MAVEN:GHSA-VRWC-QJMW-5RJM | ClassLoader manipulation in Apache Struts | moderate |
2022-05-14T00:54:15
(2 years ago) |
|
Affected | >= 2.3.20, <= 2.3.28.1 |
CVE-2016-4433
|
MAVEN:GHSA-WM8W-QP2F-728Q | Apache Struts Open Redirect | high |
2022-05-17T02:16:00
(2 years ago) |
|
Fixed | = 2.3.29 |
CVE-2016-4433
|
MAVEN:GHSA-WM8W-QP2F-728Q | Apache Struts Open Redirect | high |
2022-05-17T02:16:00
(2 years ago) |