[MAVEN:GHSA-86VQ-8QHC-5RQW] Apache Struts vulnerable to possible DoS attack when using URLValidator

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.

Package	Affected Version
pkg:maven/org.apache.struts/struts2-core	>= 2.5.0, < 2.5.13

Package	Fixed Version
pkg:maven/org.apache.struts/struts2-core	= 2.5.13

ID: MAVEN:GHSA-86VQ-8QHC-5RQW
Severity: moderate
URL: https://github.com/advisories/GHSA-86vq-8qhc-5rqw
Published: 2022-05-14T03:15:07
(2 years ago)
Modified: 2024-01-04T21:32:57
(8 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2016-8738
			https://security.netapp.com/advisory/ntap-20180629-0003/
			https://struts.apache.org/docs/s2-044.html
			https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
			https://github.com/advisories/GHSA-86vq-8qhc-5rqw

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.struts/struts2-core	org.apache.struts	struts2-core	>= 2.5.0 < 2.5.13
Fixed	pkg:maven/org.apache.struts/struts2-core	org.apache.struts	struts2-core	= 2.5.13

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date