1. Home
  2. Packages
  3. maven
  4. org.apache.struts
  5. struts2-core

pkg:maven/org.apache.struts/struts2-core

Type maven
Namespace org.apache.struts
Name struts2-core

Known advisories, vulnerabilities and fixes for org.apache.struts/struts2-core package.

Repository
https://mvnrepository.com/artifact/org.apache.struts/struts2-core
Critical 11
High 23
Moderate 20
Low 1
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected < 2.3.20 CVE-2015-2992
maven MAVEN:GHSA-265R-PP83-GWW7 Cross-site Scripting in Apache Struts moderate 2022-05-24T17:09:44
(2 years ago)
Fixed = 2.3.20 CVE-2015-2992
maven MAVEN:GHSA-265R-PP83-GWW7 Cross-site Scripting in Apache Struts moderate 2022-05-24T17:09:44
(2 years ago)
Affected >= 2.0.0, < 2.5.33 >= 6.0.0, < 6.3.0.2 CVE-2023-50164
maven MAVEN:GHSA-2J39-QCJM-428W Apache Struts vulnerable to path traversal critical 2023-12-07T09:30:45
(9 months ago)
Fixed = 2.5.33 = 6.3.0.2 CVE-2023-50164
maven MAVEN:GHSA-2J39-QCJM-428W Apache Struts vulnerable to path traversal critical 2023-12-07T09:30:45
(9 months ago)
Affected >= 2.0.0, < 2.3.28 CVE-2016-2162
maven MAVEN:GHSA-2J4Q-9FFF-236J Apache Struts XSS Vulnerability moderate 2022-05-17T03:42:59
(2 years ago)
Fixed = 2.3.28 CVE-2016-2162
maven MAVEN:GHSA-2J4Q-9FFF-236J Apache Struts XSS Vulnerability moderate 2022-05-17T03:42:59
(2 years ago)
Affected < 2.2.3.1 CVE-2012-0392
maven MAVEN:GHSA-2PPP-XJ34-VVF7 Apache Struts's CookieInterceptor component does not use the parameter-name whitelist moderate 2022-05-04T00:29:43
(2 years ago)
Fixed = 2.2.3.1 CVE-2012-0392
maven MAVEN:GHSA-2PPP-XJ34-VVF7 Apache Struts's CookieInterceptor component does not use the parameter-name whitelist moderate 2022-05-04T00:29:43
(2 years ago)
Affected >= 2.0.0, < 2.3.4.1 CVE-2012-4386
maven MAVEN:GHSA-2RVH-Q539-Q33V Cross-Site Request Forgery in Apache Struts moderate 2022-05-17T01:42:17
(2 years ago)
Fixed = 2.3.4.1 CVE-2012-4386
maven MAVEN:GHSA-2RVH-Q539-Q33V Cross-Site Request Forgery in Apache Struts moderate 2022-05-17T01:42:17
(2 years ago)
Affected >= 2.0.0, <= 2.3.24.1 CVE-2016-3093
maven MAVEN:GHSA-383P-XQXX-RRMP Denial of service in Apache Struts moderate 2022-05-17T03:42:18
(2 years ago)
Fixed = 2.3.24.3 CVE-2016-3093
maven MAVEN:GHSA-383P-XQXX-RRMP Denial of service in Apache Struts moderate 2022-05-17T03:42:18
(2 years ago)
Affected < 2.3.20 CVE-2014-0113
maven MAVEN:GHSA-3C5C-XRQ4-QHR8 ClassLoader manipulation in Apache Struts high 2022-05-14T00:54:15
(2 years ago)
Fixed = 2.3.20 CVE-2014-0113
maven MAVEN:GHSA-3C5C-XRQ4-QHR8 ClassLoader manipulation in Apache Struts high 2022-05-14T00:54:15
(2 years ago)
Affected < 2.3.16 CVE-2013-6348
maven MAVEN:GHSA-3G8J-JJ54-3VJG Apache Struts is vulnerable to Cross-site Scripting moderate 2022-05-17T04:57:18
(2 years ago)
Fixed = 2.3.16 CVE-2013-6348
maven MAVEN:GHSA-3G8J-JJ54-3VJG Apache Struts is vulnerable to Cross-site Scripting moderate 2022-05-17T04:57:18
(2 years ago)
Affected < 2.3.15.1 CVE-2013-2251
maven MAVEN:GHSA-47QP-8V9G-39HP Code injection in Apache Struts high 2022-05-13T01:14:26
(2 years ago)
Fixed = 2.3.15.1 CVE-2013-2251
maven MAVEN:GHSA-47QP-8V9G-39HP Code injection in Apache Struts high 2022-05-13T01:14:26
(2 years ago)
Affected >= 6.0.0, < 6.1.2.1 < 2.5.31 CVE-2023-34396
maven MAVEN:GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion high 2023-06-14T09:30:42
(15 months ago)
Fixed = 6.1.2.1 = 2.5.31 CVE-2023-34396
maven MAVEN:GHSA-4G42-GQRG-4633 Apache Struts vulnerable to memory exhaustion high 2023-06-14T09:30:42
(15 months ago)
Affected >= 2.3.19, < 2.3.29 CVE-2016-4438
maven MAVEN:GHSA-4PRJ-VW9J-V6PR Arbitrary code execution in Apache Struts 2 critical 2022-05-14T00:54:13
(2 years ago)
Fixed = 2.3.29 CVE-2016-4438
maven MAVEN:GHSA-4PRJ-VW9J-V6PR Arbitrary code execution in Apache Struts 2 critical 2022-05-14T00:54:13
(2 years ago)
Affected < 2.3.24.1 CVE-2015-5209
maven MAVEN:GHSA-4QGJ-9MVG-3929 Special top object can be used to access Struts' internals high 2022-05-14T03:15:08
(2 years ago)
Fixed = 2.3.24.1 CVE-2015-5209
maven MAVEN:GHSA-4QGJ-9MVG-3929 Special top object can be used to access Struts' internals high 2022-05-14T03:15:08
(2 years ago)
Affected < 2.2.3.1 CVE-2012-0391
maven MAVEN:GHSA-4WRR-9H5R-M92W Apache Struts Remote Java Code Execution high 2022-05-04T00:29:43
(2 years ago)
Fixed = 2.2.3.1 CVE-2012-0391
maven MAVEN:GHSA-4WRR-9H5R-M92W Apache Struts Remote Java Code Execution high 2022-05-04T00:29:43
(2 years ago)
Affected < 2.2.3 CVE-2011-1772
maven MAVEN:GHSA-56F8-G68R-J699 Cross-site Scripting in Apache Struts low 2022-05-17T05:35:28
(2 years ago)
Fixed = 2.2.3 CVE-2011-1772
maven MAVEN:GHSA-56F8-G68R-J699 Cross-site Scripting in Apache Struts low 2022-05-17T05:35:28
(2 years ago)
Affected < 2.5.32 >= 6.0.0, < 6.1.2.2 >= 6.2.0, < 6.3.0.1 CVE-2023-41835
maven MAVEN:GHSA-729Q-FCGP-R5XH Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability high 2023-12-05T09:33:27
(9 months ago)
Fixed = 2.5.32 = 6.1.2.2 = 6.3.0.1 CVE-2023-41835
maven MAVEN:GHSA-729Q-FCGP-R5XH Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability high 2023-12-05T09:33:27
(9 months ago)
Affected >= 2.0.0, < 2.3.14.2 CVE-2013-1966
maven MAVEN:GHSA-737W-MH58-CXJP Arbitrary code execution in Apache Struts high 2022-05-14T00:54:15
(2 years ago)
Fixed = 2.3.14.2 CVE-2013-1966
maven MAVEN:GHSA-737W-MH58-CXJP Arbitrary code execution in Apache Struts high 2022-05-14T00:54:15
(2 years ago)
Affected >= 2.0.0, < 2.3.14.2 CVE-2013-2115
maven MAVEN:GHSA-7GHM-RPC7-P7G5 Code injection in Apache Struts high 2022-05-13T01:16:08
(2 years ago)
Fixed = 2.3.14.2 CVE-2013-2115
maven MAVEN:GHSA-7GHM-RPC7-P7G5 Code injection in Apache Struts high 2022-05-13T01:16:08
(2 years ago)
Affected >= 2.5.0, < 2.5.13 CVE-2016-8738
maven MAVEN:GHSA-86VQ-8QHC-5RQW Apache Struts vulnerable to possible DoS attack when using URLValidator moderate 2022-05-14T03:15:07
(2 years ago)
Fixed = 2.5.13 CVE-2016-8738
maven MAVEN:GHSA-86VQ-8QHC-5RQW Apache Struts vulnerable to possible DoS attack when using URLValidator moderate 2022-05-14T03:15:07
(2 years ago)
Affected >= 2.3.24, < 2.3.24.3 >= 2.0.0, < 2.3.20.3 CVE-2016-0785
maven MAVEN:GHSA-876P-4WGC-75RX Apache Struts RCE Vulnerability high 2022-05-14T00:52:12
(2 years ago)
Fixed = 2.3.24.3 = 2.3.20.3 CVE-2016-0785
maven MAVEN:GHSA-876P-4WGC-75RX Apache Struts RCE Vulnerability high 2022-05-14T00:52:12
(2 years ago)
Affected >= 2.3.21, <= 2.3.24.2 >= 2.3.25, <= 2.3.28 >= 2.3.19, <= 2.3.20.2 CVE-2016-3081
maven MAVEN:GHSA-8C6J-FFMF-Q6VM Apache Struts RCE Vulnerability high 2022-05-14T00:54:14
(2 years ago)
Fixed = 2.3.24.3 = 2.3.28.1 = 2.3.20.3 CVE-2016-3081
maven MAVEN:GHSA-8C6J-FFMF-Q6VM Apache Struts RCE Vulnerability high 2022-05-14T00:54:14
(2 years ago)
Affected >= 6.0.0, < 6.1.2.1 < 2.5.31 CVE-2023-34149
maven MAVEN:GHSA-8F6X-V685-G2XC Apache Struts vulnerable to memory exhaustion moderate 2023-06-14T09:30:42
(15 months ago)
Fixed = 6.1.2.1 = 2.5.31 CVE-2023-34149
maven MAVEN:GHSA-8F6X-V685-G2XC Apache Struts vulnerable to memory exhaustion moderate 2023-06-14T09:30:42
(15 months ago)
Affected >= 2.5.0, <= 2.5.10.1 >= 2.0.1, <= 2.3.33 CVE-2017-12611
maven MAVEN:GHSA-8FX9-5HX8-CRHM Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal critical 2018-10-16T19:35:40
(6 years ago)
Fixed = 2.5.11 = 2.3.34 CVE-2017-12611
maven MAVEN:GHSA-8FX9-5HX8-CRHM Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal critical 2018-10-16T19:35:40
(6 years ago)
Affected >= 2.0, < 2.5.22 CVE-2012-1592
maven MAVEN:GHSA-8M5Q-CRQQ-6PMF Unrestricted Upload of File with Dangerous Type in Apache Struts2 high 2022-04-23T00:40:23
(2 years ago)
Fixed = 2.5.22 CVE-2012-1592
maven MAVEN:GHSA-8M5Q-CRQQ-6PMF Unrestricted Upload of File with Dangerous Type in Apache Struts2 high 2022-04-23T00:40:23
(2 years ago)
Affected >= 2.3.7, < 2.3.33 >= 2.5.0, < 2.5.12 CVE-2017-9787
maven MAVEN:GHSA-8MR5-H28G-36QX Spring AOP functionality (Struts) vulnerable to DoS attack high 2018-10-16T19:37:07
(6 years ago)
Fixed = 2.3.33 = 2.5.12 CVE-2017-9787
maven MAVEN:GHSA-8MR5-H28G-36QX Spring AOP functionality (Struts) vulnerable to DoS attack high 2018-10-16T19:37:07
(6 years ago)
Affected >= 2.5.0, < 2.5.12 CVE-2017-7672
maven MAVEN:GHSA-9GP7-JVM2-R4MX Apache Struts Improper Input Validation vulnerability moderate 2018-10-16T19:36:43
(6 years ago)
Fixed = 2.5.12 CVE-2017-7672
maven MAVEN:GHSA-9GP7-JVM2-R4MX Apache Struts Improper Input Validation vulnerability moderate 2018-10-16T19:36:43
(6 years ago)
Affected >= 2.0.0, < 2.5.22 CVE-2019-0233
maven MAVEN:GHSA-CCP5-GG58-PXFM Improper Preservation of Permissions in Apache Struts high 2022-05-24T17:28:11
(2 years ago)
Fixed = 2.5.22 CVE-2019-0233
maven MAVEN:GHSA-CCP5-GG58-PXFM Improper Preservation of Permissions in Apache Struts high 2022-05-24T17:28:11
(2 years ago)
Affected >= 2.5, <= 2.5.16 >= 2.0.4, <= 2.3.34 CVE-2018-11776
maven MAVEN:GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation high 2018-10-18T19:24:38
(5 years ago)
Fixed = 2.5.17 = 2.3.35 CVE-2018-11776
maven MAVEN:GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation high 2018-10-18T19:24:38
(5 years ago)
Affected >= 2.0.0, < 2.3.14.3 CVE-2013-2134
maven MAVEN:GHSA-GQQM-564F-VVXQ Arbitrary code execution in Apache Struts 2 high 2022-05-14T01:57:02
(2 years ago)
Fixed = 2.3.14.3 CVE-2013-2134
maven MAVEN:GHSA-GQQM-564F-VVXQ Arbitrary code execution in Apache Struts 2 high 2022-05-14T01:57:02
(2 years ago)
Affected < 2.3.20 CVE-2014-7809
maven MAVEN:GHSA-H4V9-JF2R-9H6M Cross-Site Request Forgery in Apache Struts moderate 2022-05-14T02:50:59
(2 years ago)
Fixed = 2.3.20 CVE-2014-7809
maven MAVEN:GHSA-H4V9-JF2R-9H6M Cross-Site Request Forgery in Apache Struts moderate 2022-05-14T02:50:59
(2 years ago)
Affected < 2.3.20 CVE-2014-0116
maven MAVEN:GHSA-HMHQ-382Q-MP56 ClassLoader manipulation in Apache Struts high 2022-05-14T00:54:14
(2 years ago)
Fixed = 2.3.20 CVE-2014-0116
maven MAVEN:GHSA-HMHQ-382Q-MP56 ClassLoader manipulation in Apache Struts high 2022-05-14T00:54:14
(2 years ago)
Affected < 2.2.3.1 CVE-2012-0393
maven MAVEN:GHSA-HXQQ-W4MR-MC62 Apache Struts's ParameterInterceptor component does not prevent access to public constructors moderate 2022-05-04T00:29:43
(2 years ago)
Fixed = 2.2.3.1 CVE-2012-0393
maven MAVEN:GHSA-HXQQ-W4MR-MC62 Apache Struts's ParameterInterceptor component does not prevent access to public constructors moderate 2022-05-04T00:29:43
(2 years ago)
Affected >= 2.0.0, < 2.3.1.2 CVE-2011-3923
maven MAVEN:GHSA-J68F-8H6P-9H5Q Struts ParameterInterceptor vulnerability allows remote command execution critical 2022-04-22T00:24:08
(2 years ago)
Fixed = 2.3.1.2 CVE-2011-3923
maven MAVEN:GHSA-J68F-8H6P-9H5Q Struts ParameterInterceptor vulnerability allows remote command execution critical 2022-04-22T00:24:08
(2 years ago)
Affected >= 2.5.0, <= 2.5.10 >= 2.3.0, <= 2.3.31 CVE-2017-5638
maven MAVEN:GHSA-J77Q-2QQG-6989 Apache Struts vulnerable to remote arbitrary command execution due to improper input validation critical 2018-10-18T19:24:26
(5 years ago)
Fixed = 2.5.10.1 = 2.3.32 CVE-2017-5638
maven MAVEN:GHSA-J77Q-2QQG-6989 Apache Struts vulnerable to remote arbitrary command execution due to improper input validation critical 2018-10-18T19:24:26
(5 years ago)
Affected >= 2.0.0, < 2.3.15.2 CVE-2013-4316
maven MAVEN:GHSA-J7H6-XR7G-M2C5 Code injection in Apache Struts high 2022-05-17T03:28:23
(2 years ago)
Fixed = 2.3.15.2 CVE-2013-4316
maven MAVEN:GHSA-J7H6-XR7G-M2C5 Code injection in Apache Struts high 2022-05-17T03:28:23
(2 years ago)
Affected >= 2.0.0, < 2.5.26 CVE-2020-17530
maven MAVEN:GHSA-JC35-Q369-45PV Remote code execution in Apache Struts critical 2022-02-09T22:51:56
(2 years ago)
Fixed = 2.5.26 CVE-2020-17530
maven MAVEN:GHSA-JC35-Q369-45PV Remote code execution in Apache Struts critical 2022-02-09T22:51:56
(2 years ago)
Affected >= 2.1.0, < 2.1.1 >= 2.0.0, < 2.0.11.1 CVE-2008-6682
maven MAVEN:GHSA-JGCR-9C2Q-RVP8 Apache Struts is vulnerable to Cross-site Scripting moderate 2022-05-17T05:52:45
(2 years ago)
Fixed = 2.1.1 = 2.0.11.1 CVE-2008-6682
maven MAVEN:GHSA-JGCR-9C2Q-RVP8 Apache Struts is vulnerable to Cross-site Scripting moderate 2022-05-17T05:52:45
(2 years ago)
Affected >= 2.0.0, < 2.3.28 CVE-2016-4003
maven MAVEN:GHSA-M3X6-9V6H-4G28 Cross-site Scripting in Apache Struts moderate 2022-05-14T01:57:01
(2 years ago)
Fixed = 2.3.28 CVE-2016-4003
maven MAVEN:GHSA-M3X6-9V6H-4G28 Cross-site Scripting in Apache Struts moderate 2022-05-14T01:57:01
(2 years ago)
Affected >= 2.3.25, < 2.3.28.1 >= 2.3.21, < 2.3.24.3 >= 2.3.19, < 2.3.20.3 CVE-2016-3087
maven MAVEN:GHSA-MMJ6-CJJ4-HPR5 Apache Struts vulnerable to arbitrary remote code execution due to improper input validation critical 2022-05-14T00:54:14
(2 years ago)
Fixed = 2.3.28.1 = 2.3.24.3 = 2.3.20.3 CVE-2016-3087
maven MAVEN:GHSA-MMJ6-CJJ4-HPR5 Apache Struts vulnerable to arbitrary remote code execution due to improper input validation critical 2022-05-14T00:54:14
(2 years ago)
Affected < 2.2.3.1 CVE-2012-0838
maven MAVEN:GHSA-MWRX-HX6X-3HHV Apache Struts Code injection due to conversion error high 2022-05-14T01:51:59
(2 years ago)
Fixed = 2.2.3.1 CVE-2012-0838
maven MAVEN:GHSA-MWRX-HX6X-3HHV Apache Struts Code injection due to conversion error high 2022-05-14T01:51:59
(2 years ago)
Affected < 2.3.20 CVE-2014-0112
maven MAVEN:GHSA-PRJV-JJ26-WF8H ClassLoader manipulation in Apache Struts high 2022-05-14T00:54:16
(2 years ago)
Fixed = 2.3.20 CVE-2014-0112
maven MAVEN:GHSA-PRJV-JJ26-WF8H ClassLoader manipulation in Apache Struts high 2022-05-14T00:54:16
(2 years ago)
Affected >= 2.3.28, < 2.3.28.1 >= 2.3.24, < 2.3.24.3 < 2.3.20.3 CVE-2016-3082
maven MAVEN:GHSA-PVM9-288C-V5WQ Remote Code Execution in Apache Struts critical 2022-05-17T03:42:18
(2 years ago)
Fixed = 2.3.28.1 = 2.3.24.3 = 2.3.20.3 CVE-2016-3082
maven MAVEN:GHSA-PVM9-288C-V5WQ Remote Code Execution in Apache Struts critical 2022-05-17T03:42:18
(2 years ago)
Affected >= 2.0.0, < 2.3.14.3 CVE-2013-2135
maven MAVEN:GHSA-PW8R-X2QM-3H5M Arbitrary code execution in Apache Struts 2 high 2022-05-14T01:57:01
(2 years ago)
Fixed = 2.3.14.3 CVE-2013-2135
maven MAVEN:GHSA-PW8R-X2QM-3H5M Arbitrary code execution in Apache Struts 2 high 2022-05-14T01:57:01
(2 years ago)
Affected >= 2.0.0, < 2.3.20.1 CVE-2015-1831
maven MAVEN:GHSA-Q2CG-XF9P-H457 Incomplete exclude pattern in Apache Struts high 2022-05-17T00:50:08
(2 years ago)
Fixed = 2.3.20.1 CVE-2015-1831
maven MAVEN:GHSA-Q2CG-XF9P-H457 Incomplete exclude pattern in Apache Struts high 2022-05-17T00:50:08
(2 years ago)
Affected < 2.3.15.3 CVE-2013-4310
maven MAVEN:GHSA-Q5Q8-JGHF-3PM3 Apache Struts2 Broken Access Control Vulnerability moderate 2022-05-17T04:44:52
(2 years ago)
Fixed = 2.3.15.3 CVE-2013-4310
maven MAVEN:GHSA-Q5Q8-JGHF-3PM3 Apache Struts2 Broken Access Control Vulnerability moderate 2022-05-17T04:44:52
(2 years ago)
Affected < 2.3.15.1 CVE-2013-2248
maven MAVEN:GHSA-RPJ9-R897-WC6Q Open redirect in Apache Struts moderate 2022-05-17T03:13:10
(2 years ago)
Fixed = 2.3.15.1 CVE-2013-2248
maven MAVEN:GHSA-RPJ9-R897-WC6Q Open redirect in Apache Struts moderate 2022-05-17T03:13:10
(2 years ago)
Affected >= 2.0.0, < 2.5.30 CVE-2021-31805
maven MAVEN:GHSA-V8J6-6C2R-R27C Expression Language Injection in Apache Struts critical 2022-04-13T00:00:30
(2 years ago)
Fixed = 2.5.30 CVE-2021-31805
maven MAVEN:GHSA-V8J6-6C2R-R27C Expression Language Injection in Apache Struts critical 2022-04-13T00:00:30
(2 years ago)
Affected >= 2.0.0, < 2.3.16.2 CVE-2014-0094
maven MAVEN:GHSA-VRWC-QJMW-5RJM ClassLoader manipulation in Apache Struts moderate 2022-05-14T00:54:15
(2 years ago)
Fixed = 2.3.16.2 CVE-2014-0094
maven MAVEN:GHSA-VRWC-QJMW-5RJM ClassLoader manipulation in Apache Struts moderate 2022-05-14T00:54:15
(2 years ago)
Affected < 2.3.20 CVE-2015-5169
maven MAVEN:GHSA-VWHV-J36G-5RM8 Cross-site Scripting in Apache Struts moderate 2022-05-14T01:57:02
(2 years ago)
Fixed = 2.3.20 CVE-2015-5169
maven MAVEN:GHSA-VWHV-J36G-5RM8 Cross-site Scripting in Apache Struts moderate 2022-05-14T01:57:02
(2 years ago)
Affected < 2.3.14.3 CVE-2013-1965
maven MAVEN:GHSA-WHMQ-V94Q-34P9 Improper Control of Generation of Code in Apache Struts high 2022-05-14T00:54:15
(2 years ago)
Fixed = 2.3.14.3 CVE-2013-1965
maven MAVEN:GHSA-WHMQ-V94Q-34P9 Improper Control of Generation of Code in Apache Struts high 2022-05-14T00:54:15
(2 years ago)
Affected >= 2.0.0, < 2.5.22 CVE-2019-0230
maven MAVEN:GHSA-WP4H-PVGW-5727 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts critical 2021-12-02T14:50:51
(2 years ago)
Fixed = 2.5.22 CVE-2019-0230
maven MAVEN:GHSA-WP4H-PVGW-5727 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts critical 2021-12-02T14:50:51
(2 years ago)
Affected >= 2.1.0, < 2.1.3 >= 2.0.0, < 2.0.12 CVE-2008-6505
maven MAVEN:GHSA-WV7G-XHVW-8HCP Apache Struts directory traversal vulnerability moderate 2022-05-17T05:52:21
(2 years ago)
Fixed = 2.1.3 = 2.0.12 CVE-2008-6505
maven MAVEN:GHSA-WV7G-XHVW-8HCP Apache Struts directory traversal vulnerability moderate 2022-05-17T05:52:21
(2 years ago)
Affected < 2.2.1 CVE-2010-1870
maven MAVEN:GHSA-X5FC-PGPX-59J5 Server side object manipulation in Apache Struts moderate 2022-05-13T01:14:26
(2 years ago)
Fixed = 2.2.1 CVE-2010-1870
maven MAVEN:GHSA-X5FC-PGPX-59J5 Server side object manipulation in Apache Struts moderate 2022-05-13T01:14:26
(2 years ago)
Affected >= 2.5.0, <= 2.5.12 >= 2.3.7, <= 2.3.33 CVE-2017-9804
maven MAVEN:GHSA-X5X7-3V85-WPC4 Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used high 2018-10-16T19:37:33
(6 years ago)
Fixed = 2.5.13 = 2.3.34 CVE-2017-9804
maven MAVEN:GHSA-X5X7-3V85-WPC4 Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used high 2018-10-16T19:37:33
(6 years ago)
Affected >= 2.5.0, < 2.5.13 >= 2.3.20, < 2.3.29 CVE-2016-4465
maven MAVEN:GHSA-XG75-68X3-7P3Q Apache Struts vulnerable to possible DoS attack when using URLValidator moderate 2022-05-17T02:16:00
(2 years ago)
Fixed = 2.5.13 = 2.3.29 CVE-2016-4465
maven MAVEN:GHSA-XG75-68X3-7P3Q Apache Struts vulnerable to possible DoS attack when using URLValidator moderate 2022-05-17T02:16:00
(2 years ago)
Affected >= 2.5-BETA1, < 2.5.1 >= 2.0.0, < 2.3.29 CVE-2016-4436
maven MAVEN:GHSA-XM92-V2MQ-842Q Apache Struts improper action name cleanup critical 2022-05-17T02:16:00
(2 years ago)
Fixed = 2.5.1 = 2.3.29 CVE-2016-4436
maven MAVEN:GHSA-XM92-V2MQ-842Q Apache Struts improper action name cleanup critical 2022-05-17T02:16:00
(2 years ago)