pkg:maven/org.apache.struts/struts2-core
Type
maven
Namespace
org.apache.struts
Name
struts2-core
Known advisories, vulnerabilities and fixes for org.apache.struts/struts2-core package.
Critical
11
High
23
Moderate
20
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 2.3.20 |
CVE-2015-2992
|
MAVEN:GHSA-265R-PP83-GWW7 | Cross-site Scripting in Apache Struts | moderate |
2022-05-24T17:09:44
(2 years ago) |
|
Fixed | = 2.3.20 |
CVE-2015-2992
|
MAVEN:GHSA-265R-PP83-GWW7 | Cross-site Scripting in Apache Struts | moderate |
2022-05-24T17:09:44
(2 years ago) |
|
Affected | >= 2.0.0, < 2.5.33 >= 6.0.0, < 6.3.0.2 |
CVE-2023-50164
|
MAVEN:GHSA-2J39-QCJM-428W | Apache Struts vulnerable to path traversal | critical |
2023-12-07T09:30:45
(9 months ago) |
|
Fixed | = 2.5.33 = 6.3.0.2 |
CVE-2023-50164
|
MAVEN:GHSA-2J39-QCJM-428W | Apache Struts vulnerable to path traversal | critical |
2023-12-07T09:30:45
(9 months ago) |
|
Affected | >= 2.0.0, < 2.3.28 |
CVE-2016-2162
|
MAVEN:GHSA-2J4Q-9FFF-236J | Apache Struts XSS Vulnerability | moderate |
2022-05-17T03:42:59
(2 years ago) |
|
Fixed | = 2.3.28 |
CVE-2016-2162
|
MAVEN:GHSA-2J4Q-9FFF-236J | Apache Struts XSS Vulnerability | moderate |
2022-05-17T03:42:59
(2 years ago) |
|
Affected | < 2.2.3.1 |
CVE-2012-0392
|
MAVEN:GHSA-2PPP-XJ34-VVF7 | Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0392
|
MAVEN:GHSA-2PPP-XJ34-VVF7 | Apache Struts's CookieInterceptor component does not use the parameter-name whitelist | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.4.1 |
CVE-2012-4386
|
MAVEN:GHSA-2RVH-Q539-Q33V | Cross-Site Request Forgery in Apache Struts | moderate |
2022-05-17T01:42:17
(2 years ago) |
|
Fixed | = 2.3.4.1 |
CVE-2012-4386
|
MAVEN:GHSA-2RVH-Q539-Q33V | Cross-Site Request Forgery in Apache Struts | moderate |
2022-05-17T01:42:17
(2 years ago) |
|
Affected | >= 2.0.0, <= 2.3.24.1 |
CVE-2016-3093
|
MAVEN:GHSA-383P-XQXX-RRMP | Denial of service in Apache Struts | moderate |
2022-05-17T03:42:18
(2 years ago) |
|
Fixed | = 2.3.24.3 |
CVE-2016-3093
|
MAVEN:GHSA-383P-XQXX-RRMP | Denial of service in Apache Struts | moderate |
2022-05-17T03:42:18
(2 years ago) |
|
Affected | < 2.3.20 |
CVE-2014-0113
|
MAVEN:GHSA-3C5C-XRQ4-QHR8 | ClassLoader manipulation in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Fixed | = 2.3.20 |
CVE-2014-0113
|
MAVEN:GHSA-3C5C-XRQ4-QHR8 | ClassLoader manipulation in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Affected | < 2.3.16 |
CVE-2013-6348
|
MAVEN:GHSA-3G8J-JJ54-3VJG | Apache Struts is vulnerable to Cross-site Scripting | moderate |
2022-05-17T04:57:18
(2 years ago) |
|
Fixed | = 2.3.16 |
CVE-2013-6348
|
MAVEN:GHSA-3G8J-JJ54-3VJG | Apache Struts is vulnerable to Cross-site Scripting | moderate |
2022-05-17T04:57:18
(2 years ago) |
|
Affected | < 2.3.15.1 |
CVE-2013-2251
|
MAVEN:GHSA-47QP-8V9G-39HP | Code injection in Apache Struts | high |
2022-05-13T01:14:26
(2 years ago) |
|
Fixed | = 2.3.15.1 |
CVE-2013-2251
|
MAVEN:GHSA-47QP-8V9G-39HP | Code injection in Apache Struts | high |
2022-05-13T01:14:26
(2 years ago) |
|
Affected | >= 6.0.0, < 6.1.2.1 < 2.5.31 |
CVE-2023-34396
|
MAVEN:GHSA-4G42-GQRG-4633 | Apache Struts vulnerable to memory exhaustion | high |
2023-06-14T09:30:42
(15 months ago) |
|
Fixed | = 6.1.2.1 = 2.5.31 |
CVE-2023-34396
|
MAVEN:GHSA-4G42-GQRG-4633 | Apache Struts vulnerable to memory exhaustion | high |
2023-06-14T09:30:42
(15 months ago) |
|
Affected | >= 2.3.19, < 2.3.29 |
CVE-2016-4438
|
MAVEN:GHSA-4PRJ-VW9J-V6PR | Arbitrary code execution in Apache Struts 2 | critical |
2022-05-14T00:54:13
(2 years ago) |
|
Fixed | = 2.3.29 |
CVE-2016-4438
|
MAVEN:GHSA-4PRJ-VW9J-V6PR | Arbitrary code execution in Apache Struts 2 | critical |
2022-05-14T00:54:13
(2 years ago) |
|
Affected | < 2.3.24.1 |
CVE-2015-5209
|
MAVEN:GHSA-4QGJ-9MVG-3929 | Special top object can be used to access Struts' internals | high |
2022-05-14T03:15:08
(2 years ago) |
|
Fixed | = 2.3.24.1 |
CVE-2015-5209
|
MAVEN:GHSA-4QGJ-9MVG-3929 | Special top object can be used to access Struts' internals | high |
2022-05-14T03:15:08
(2 years ago) |
|
Affected | < 2.2.3.1 |
CVE-2012-0391
|
MAVEN:GHSA-4WRR-9H5R-M92W | Apache Struts Remote Java Code Execution | high |
2022-05-04T00:29:43
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0391
|
MAVEN:GHSA-4WRR-9H5R-M92W | Apache Struts Remote Java Code Execution | high |
2022-05-04T00:29:43
(2 years ago) |
|
Affected | < 2.2.3 |
CVE-2011-1772
|
MAVEN:GHSA-56F8-G68R-J699 | Cross-site Scripting in Apache Struts | low |
2022-05-17T05:35:28
(2 years ago) |
|
Fixed | = 2.2.3 |
CVE-2011-1772
|
MAVEN:GHSA-56F8-G68R-J699 | Cross-site Scripting in Apache Struts | low |
2022-05-17T05:35:28
(2 years ago) |
|
Affected | < 2.5.32 >= 6.0.0, < 6.1.2.2 >= 6.2.0, < 6.3.0.1 |
CVE-2023-41835
|
MAVEN:GHSA-729Q-FCGP-R5XH | Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability | high |
2023-12-05T09:33:27
(9 months ago) |
|
Fixed | = 2.5.32 = 6.1.2.2 = 6.3.0.1 |
CVE-2023-41835
|
MAVEN:GHSA-729Q-FCGP-R5XH | Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability | high |
2023-12-05T09:33:27
(9 months ago) |
|
Affected | >= 2.0.0, < 2.3.14.2 |
CVE-2013-1966
|
MAVEN:GHSA-737W-MH58-CXJP | Arbitrary code execution in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Fixed | = 2.3.14.2 |
CVE-2013-1966
|
MAVEN:GHSA-737W-MH58-CXJP | Arbitrary code execution in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.14.2 |
CVE-2013-2115
|
MAVEN:GHSA-7GHM-RPC7-P7G5 | Code injection in Apache Struts | high |
2022-05-13T01:16:08
(2 years ago) |
|
Fixed | = 2.3.14.2 |
CVE-2013-2115
|
MAVEN:GHSA-7GHM-RPC7-P7G5 | Code injection in Apache Struts | high |
2022-05-13T01:16:08
(2 years ago) |
|
Affected | >= 2.5.0, < 2.5.13 |
CVE-2016-8738
|
MAVEN:GHSA-86VQ-8QHC-5RQW | Apache Struts vulnerable to possible DoS attack when using URLValidator | moderate |
2022-05-14T03:15:07
(2 years ago) |
|
Fixed | = 2.5.13 |
CVE-2016-8738
|
MAVEN:GHSA-86VQ-8QHC-5RQW | Apache Struts vulnerable to possible DoS attack when using URLValidator | moderate |
2022-05-14T03:15:07
(2 years ago) |
|
Affected | >= 2.3.24, < 2.3.24.3 >= 2.0.0, < 2.3.20.3 |
CVE-2016-0785
|
MAVEN:GHSA-876P-4WGC-75RX | Apache Struts RCE Vulnerability | high |
2022-05-14T00:52:12
(2 years ago) |
|
Fixed | = 2.3.24.3 = 2.3.20.3 |
CVE-2016-0785
|
MAVEN:GHSA-876P-4WGC-75RX | Apache Struts RCE Vulnerability | high |
2022-05-14T00:52:12
(2 years ago) |
|
Affected | >= 2.3.21, <= 2.3.24.2 >= 2.3.25, <= 2.3.28 >= 2.3.19, <= 2.3.20.2 |
CVE-2016-3081
|
MAVEN:GHSA-8C6J-FFMF-Q6VM | Apache Struts RCE Vulnerability | high |
2022-05-14T00:54:14
(2 years ago) |
|
Fixed | = 2.3.24.3 = 2.3.28.1 = 2.3.20.3 |
CVE-2016-3081
|
MAVEN:GHSA-8C6J-FFMF-Q6VM | Apache Struts RCE Vulnerability | high |
2022-05-14T00:54:14
(2 years ago) |
|
Affected | >= 6.0.0, < 6.1.2.1 < 2.5.31 |
CVE-2023-34149
|
MAVEN:GHSA-8F6X-V685-G2XC | Apache Struts vulnerable to memory exhaustion | moderate |
2023-06-14T09:30:42
(15 months ago) |
|
Fixed | = 6.1.2.1 = 2.5.31 |
CVE-2023-34149
|
MAVEN:GHSA-8F6X-V685-G2XC | Apache Struts vulnerable to memory exhaustion | moderate |
2023-06-14T09:30:42
(15 months ago) |
|
Affected | >= 2.5.0, <= 2.5.10.1 >= 2.0.1, <= 2.3.33 |
CVE-2017-12611
|
MAVEN:GHSA-8FX9-5HX8-CRHM | Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal | critical |
2018-10-16T19:35:40
(6 years ago) |
|
Fixed | = 2.5.11 = 2.3.34 |
CVE-2017-12611
|
MAVEN:GHSA-8FX9-5HX8-CRHM | Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal | critical |
2018-10-16T19:35:40
(6 years ago) |
|
Affected | >= 2.0, < 2.5.22 |
CVE-2012-1592
|
MAVEN:GHSA-8M5Q-CRQQ-6PMF | Unrestricted Upload of File with Dangerous Type in Apache Struts2 | high |
2022-04-23T00:40:23
(2 years ago) |
|
Fixed | = 2.5.22 |
CVE-2012-1592
|
MAVEN:GHSA-8M5Q-CRQQ-6PMF | Unrestricted Upload of File with Dangerous Type in Apache Struts2 | high |
2022-04-23T00:40:23
(2 years ago) |
|
Affected | >= 2.3.7, < 2.3.33 >= 2.5.0, < 2.5.12 |
CVE-2017-9787
|
MAVEN:GHSA-8MR5-H28G-36QX | Spring AOP functionality (Struts) vulnerable to DoS attack | high |
2018-10-16T19:37:07
(6 years ago) |
|
Fixed | = 2.3.33 = 2.5.12 |
CVE-2017-9787
|
MAVEN:GHSA-8MR5-H28G-36QX | Spring AOP functionality (Struts) vulnerable to DoS attack | high |
2018-10-16T19:37:07
(6 years ago) |
|
Affected | >= 2.5.0, < 2.5.12 |
CVE-2017-7672
|
MAVEN:GHSA-9GP7-JVM2-R4MX | Apache Struts Improper Input Validation vulnerability | moderate |
2018-10-16T19:36:43
(6 years ago) |
|
Fixed | = 2.5.12 |
CVE-2017-7672
|
MAVEN:GHSA-9GP7-JVM2-R4MX | Apache Struts Improper Input Validation vulnerability | moderate |
2018-10-16T19:36:43
(6 years ago) |
|
Affected | >= 2.0.0, < 2.5.22 |
CVE-2019-0233
|
MAVEN:GHSA-CCP5-GG58-PXFM | Improper Preservation of Permissions in Apache Struts | high |
2022-05-24T17:28:11
(2 years ago) |
|
Fixed | = 2.5.22 |
CVE-2019-0233
|
MAVEN:GHSA-CCP5-GG58-PXFM | Improper Preservation of Permissions in Apache Struts | high |
2022-05-24T17:28:11
(2 years ago) |
|
Affected | >= 2.5, <= 2.5.16 >= 2.0.4, <= 2.3.34 |
CVE-2018-11776
|
MAVEN:GHSA-CR6J-3JP9-RW65 | Apache Struts vulnerable to remote command execution (RCE) due to improper input validation | high |
2018-10-18T19:24:38
(5 years ago) |
|
Fixed | = 2.5.17 = 2.3.35 |
CVE-2018-11776
|
MAVEN:GHSA-CR6J-3JP9-RW65 | Apache Struts vulnerable to remote command execution (RCE) due to improper input validation | high |
2018-10-18T19:24:38
(5 years ago) |
|
Affected | >= 2.0.0, < 2.3.14.3 |
CVE-2013-2134
|
MAVEN:GHSA-GQQM-564F-VVXQ | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:02
(2 years ago) |
|
Fixed | = 2.3.14.3 |
CVE-2013-2134
|
MAVEN:GHSA-GQQM-564F-VVXQ | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:02
(2 years ago) |
|
Affected | < 2.3.20 |
CVE-2014-7809
|
MAVEN:GHSA-H4V9-JF2R-9H6M | Cross-Site Request Forgery in Apache Struts | moderate |
2022-05-14T02:50:59
(2 years ago) |
|
Fixed | = 2.3.20 |
CVE-2014-7809
|
MAVEN:GHSA-H4V9-JF2R-9H6M | Cross-Site Request Forgery in Apache Struts | moderate |
2022-05-14T02:50:59
(2 years ago) |
|
Affected | < 2.3.20 |
CVE-2014-0116
|
MAVEN:GHSA-HMHQ-382Q-MP56 | ClassLoader manipulation in Apache Struts | high |
2022-05-14T00:54:14
(2 years ago) |
|
Fixed | = 2.3.20 |
CVE-2014-0116
|
MAVEN:GHSA-HMHQ-382Q-MP56 | ClassLoader manipulation in Apache Struts | high |
2022-05-14T00:54:14
(2 years ago) |
|
Affected | < 2.2.3.1 |
CVE-2012-0393
|
MAVEN:GHSA-HXQQ-W4MR-MC62 | Apache Struts's ParameterInterceptor component does not prevent access to public constructors | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0393
|
MAVEN:GHSA-HXQQ-W4MR-MC62 | Apache Struts's ParameterInterceptor component does not prevent access to public constructors | moderate |
2022-05-04T00:29:43
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.1.2 |
CVE-2011-3923
|
MAVEN:GHSA-J68F-8H6P-9H5Q | Struts ParameterInterceptor vulnerability allows remote command execution | critical |
2022-04-22T00:24:08
(2 years ago) |
|
Fixed | = 2.3.1.2 |
CVE-2011-3923
|
MAVEN:GHSA-J68F-8H6P-9H5Q | Struts ParameterInterceptor vulnerability allows remote command execution | critical |
2022-04-22T00:24:08
(2 years ago) |
|
Affected | >= 2.5.0, <= 2.5.10 >= 2.3.0, <= 2.3.31 |
CVE-2017-5638
|
MAVEN:GHSA-J77Q-2QQG-6989 | Apache Struts vulnerable to remote arbitrary command execution due to improper input validation | critical |
2018-10-18T19:24:26
(5 years ago) |
|
Fixed | = 2.5.10.1 = 2.3.32 |
CVE-2017-5638
|
MAVEN:GHSA-J77Q-2QQG-6989 | Apache Struts vulnerable to remote arbitrary command execution due to improper input validation | critical |
2018-10-18T19:24:26
(5 years ago) |
|
Affected | >= 2.0.0, < 2.3.15.2 |
CVE-2013-4316
|
MAVEN:GHSA-J7H6-XR7G-M2C5 | Code injection in Apache Struts | high |
2022-05-17T03:28:23
(2 years ago) |
|
Fixed | = 2.3.15.2 |
CVE-2013-4316
|
MAVEN:GHSA-J7H6-XR7G-M2C5 | Code injection in Apache Struts | high |
2022-05-17T03:28:23
(2 years ago) |
|
Affected | >= 2.0.0, < 2.5.26 |
CVE-2020-17530
|
MAVEN:GHSA-JC35-Q369-45PV | Remote code execution in Apache Struts | critical |
2022-02-09T22:51:56
(2 years ago) |
|
Fixed | = 2.5.26 |
CVE-2020-17530
|
MAVEN:GHSA-JC35-Q369-45PV | Remote code execution in Apache Struts | critical |
2022-02-09T22:51:56
(2 years ago) |
|
Affected | >= 2.1.0, < 2.1.1 >= 2.0.0, < 2.0.11.1 |
CVE-2008-6682
|
MAVEN:GHSA-JGCR-9C2Q-RVP8 | Apache Struts is vulnerable to Cross-site Scripting | moderate |
2022-05-17T05:52:45
(2 years ago) |
|
Fixed | = 2.1.1 = 2.0.11.1 |
CVE-2008-6682
|
MAVEN:GHSA-JGCR-9C2Q-RVP8 | Apache Struts is vulnerable to Cross-site Scripting | moderate |
2022-05-17T05:52:45
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.28 |
CVE-2016-4003
|
MAVEN:GHSA-M3X6-9V6H-4G28 | Cross-site Scripting in Apache Struts | moderate |
2022-05-14T01:57:01
(2 years ago) |
|
Fixed | = 2.3.28 |
CVE-2016-4003
|
MAVEN:GHSA-M3X6-9V6H-4G28 | Cross-site Scripting in Apache Struts | moderate |
2022-05-14T01:57:01
(2 years ago) |
|
Affected | >= 2.3.25, < 2.3.28.1 >= 2.3.21, < 2.3.24.3 >= 2.3.19, < 2.3.20.3 |
CVE-2016-3087
|
MAVEN:GHSA-MMJ6-CJJ4-HPR5 | Apache Struts vulnerable to arbitrary remote code execution due to improper input validation | critical |
2022-05-14T00:54:14
(2 years ago) |
|
Fixed | = 2.3.28.1 = 2.3.24.3 = 2.3.20.3 |
CVE-2016-3087
|
MAVEN:GHSA-MMJ6-CJJ4-HPR5 | Apache Struts vulnerable to arbitrary remote code execution due to improper input validation | critical |
2022-05-14T00:54:14
(2 years ago) |
|
Affected | < 2.2.3.1 |
CVE-2012-0838
|
MAVEN:GHSA-MWRX-HX6X-3HHV | Apache Struts Code injection due to conversion error | high |
2022-05-14T01:51:59
(2 years ago) |
|
Fixed | = 2.2.3.1 |
CVE-2012-0838
|
MAVEN:GHSA-MWRX-HX6X-3HHV | Apache Struts Code injection due to conversion error | high |
2022-05-14T01:51:59
(2 years ago) |
|
Affected | < 2.3.20 |
CVE-2014-0112
|
MAVEN:GHSA-PRJV-JJ26-WF8H | ClassLoader manipulation in Apache Struts | high |
2022-05-14T00:54:16
(2 years ago) |
|
Fixed | = 2.3.20 |
CVE-2014-0112
|
MAVEN:GHSA-PRJV-JJ26-WF8H | ClassLoader manipulation in Apache Struts | high |
2022-05-14T00:54:16
(2 years ago) |
|
Affected | >= 2.3.28, < 2.3.28.1 >= 2.3.24, < 2.3.24.3 < 2.3.20.3 |
CVE-2016-3082
|
MAVEN:GHSA-PVM9-288C-V5WQ | Remote Code Execution in Apache Struts | critical |
2022-05-17T03:42:18
(2 years ago) |
|
Fixed | = 2.3.28.1 = 2.3.24.3 = 2.3.20.3 |
CVE-2016-3082
|
MAVEN:GHSA-PVM9-288C-V5WQ | Remote Code Execution in Apache Struts | critical |
2022-05-17T03:42:18
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.14.3 |
CVE-2013-2135
|
MAVEN:GHSA-PW8R-X2QM-3H5M | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:01
(2 years ago) |
|
Fixed | = 2.3.14.3 |
CVE-2013-2135
|
MAVEN:GHSA-PW8R-X2QM-3H5M | Arbitrary code execution in Apache Struts 2 | high |
2022-05-14T01:57:01
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.20.1 |
CVE-2015-1831
|
MAVEN:GHSA-Q2CG-XF9P-H457 | Incomplete exclude pattern in Apache Struts | high |
2022-05-17T00:50:08
(2 years ago) |
|
Fixed | = 2.3.20.1 |
CVE-2015-1831
|
MAVEN:GHSA-Q2CG-XF9P-H457 | Incomplete exclude pattern in Apache Struts | high |
2022-05-17T00:50:08
(2 years ago) |
|
Affected | < 2.3.15.3 |
CVE-2013-4310
|
MAVEN:GHSA-Q5Q8-JGHF-3PM3 | Apache Struts2 Broken Access Control Vulnerability | moderate |
2022-05-17T04:44:52
(2 years ago) |
|
Fixed | = 2.3.15.3 |
CVE-2013-4310
|
MAVEN:GHSA-Q5Q8-JGHF-3PM3 | Apache Struts2 Broken Access Control Vulnerability | moderate |
2022-05-17T04:44:52
(2 years ago) |
|
Affected | < 2.3.15.1 |
CVE-2013-2248
|
MAVEN:GHSA-RPJ9-R897-WC6Q | Open redirect in Apache Struts | moderate |
2022-05-17T03:13:10
(2 years ago) |
|
Fixed | = 2.3.15.1 |
CVE-2013-2248
|
MAVEN:GHSA-RPJ9-R897-WC6Q | Open redirect in Apache Struts | moderate |
2022-05-17T03:13:10
(2 years ago) |
|
Affected | >= 2.0.0, < 2.5.30 |
CVE-2021-31805
|
MAVEN:GHSA-V8J6-6C2R-R27C | Expression Language Injection in Apache Struts | critical |
2022-04-13T00:00:30
(2 years ago) |
|
Fixed | = 2.5.30 |
CVE-2021-31805
|
MAVEN:GHSA-V8J6-6C2R-R27C | Expression Language Injection in Apache Struts | critical |
2022-04-13T00:00:30
(2 years ago) |
|
Affected | >= 2.0.0, < 2.3.16.2 |
CVE-2014-0094
|
MAVEN:GHSA-VRWC-QJMW-5RJM | ClassLoader manipulation in Apache Struts | moderate |
2022-05-14T00:54:15
(2 years ago) |
|
Fixed | = 2.3.16.2 |
CVE-2014-0094
|
MAVEN:GHSA-VRWC-QJMW-5RJM | ClassLoader manipulation in Apache Struts | moderate |
2022-05-14T00:54:15
(2 years ago) |
|
Affected | < 2.3.20 |
CVE-2015-5169
|
MAVEN:GHSA-VWHV-J36G-5RM8 | Cross-site Scripting in Apache Struts | moderate |
2022-05-14T01:57:02
(2 years ago) |
|
Fixed | = 2.3.20 |
CVE-2015-5169
|
MAVEN:GHSA-VWHV-J36G-5RM8 | Cross-site Scripting in Apache Struts | moderate |
2022-05-14T01:57:02
(2 years ago) |
|
Affected | < 2.3.14.3 |
CVE-2013-1965
|
MAVEN:GHSA-WHMQ-V94Q-34P9 | Improper Control of Generation of Code in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Fixed | = 2.3.14.3 |
CVE-2013-1965
|
MAVEN:GHSA-WHMQ-V94Q-34P9 | Improper Control of Generation of Code in Apache Struts | high |
2022-05-14T00:54:15
(2 years ago) |
|
Affected | >= 2.0.0, < 2.5.22 |
CVE-2019-0230
|
MAVEN:GHSA-WP4H-PVGW-5727 | Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts | critical |
2021-12-02T14:50:51
(2 years ago) |
|
Fixed | = 2.5.22 |
CVE-2019-0230
|
MAVEN:GHSA-WP4H-PVGW-5727 | Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts | critical |
2021-12-02T14:50:51
(2 years ago) |
|
Affected | >= 2.1.0, < 2.1.3 >= 2.0.0, < 2.0.12 |
CVE-2008-6505
|
MAVEN:GHSA-WV7G-XHVW-8HCP | Apache Struts directory traversal vulnerability | moderate |
2022-05-17T05:52:21
(2 years ago) |
|
Fixed | = 2.1.3 = 2.0.12 |
CVE-2008-6505
|
MAVEN:GHSA-WV7G-XHVW-8HCP | Apache Struts directory traversal vulnerability | moderate |
2022-05-17T05:52:21
(2 years ago) |
|
Affected | < 2.2.1 |
CVE-2010-1870
|
MAVEN:GHSA-X5FC-PGPX-59J5 | Server side object manipulation in Apache Struts | moderate |
2022-05-13T01:14:26
(2 years ago) |
|
Fixed | = 2.2.1 |
CVE-2010-1870
|
MAVEN:GHSA-X5FC-PGPX-59J5 | Server side object manipulation in Apache Struts | moderate |
2022-05-13T01:14:26
(2 years ago) |
|
Affected | >= 2.5.0, <= 2.5.12 >= 2.3.7, <= 2.3.33 |
CVE-2017-9804
|
MAVEN:GHSA-X5X7-3V85-WPC4 | Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used | high |
2018-10-16T19:37:33
(6 years ago) |
|
Fixed | = 2.5.13 = 2.3.34 |
CVE-2017-9804
|
MAVEN:GHSA-X5X7-3V85-WPC4 | Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used | high |
2018-10-16T19:37:33
(6 years ago) |
|
Affected | >= 2.5.0, < 2.5.13 >= 2.3.20, < 2.3.29 |
CVE-2016-4465
|
MAVEN:GHSA-XG75-68X3-7P3Q | Apache Struts vulnerable to possible DoS attack when using URLValidator | moderate |
2022-05-17T02:16:00
(2 years ago) |
|
Fixed | = 2.5.13 = 2.3.29 |
CVE-2016-4465
|
MAVEN:GHSA-XG75-68X3-7P3Q | Apache Struts vulnerable to possible DoS attack when using URLValidator | moderate |
2022-05-17T02:16:00
(2 years ago) |
|
Affected | >= 2.5-BETA1, < 2.5.1 >= 2.0.0, < 2.3.29 |
CVE-2016-4436
|
MAVEN:GHSA-XM92-V2MQ-842Q | Apache Struts improper action name cleanup | critical |
2022-05-17T02:16:00
(2 years ago) |
|
Fixed | = 2.5.1 = 2.3.29 |
CVE-2016-4436
|
MAVEN:GHSA-XM92-V2MQ-842Q | Apache Struts improper action name cleanup | critical |
2022-05-17T02:16:00
(2 years ago) |