[MAVEN:GHSA-8C6J-FFMF-Q6VM] Apache Struts RCE Vulnerability
- Severity: High
- Affected Packages: 3
- Fixed Packages: 3
- CVEs: 1
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
Package | Affected Version |
---|---|
pkg:maven/org.apache.struts/struts2-core | >= 2.3.21, <= 2.3.24.2 |
pkg:maven/org.apache.struts/struts2-core | >= 2.3.25, <= 2.3.28 |
pkg:maven/org.apache.struts/struts2-core | >= 2.3.19, <= 2.3.20.2 |
Package | Fixed Version |
---|---|
pkg:maven/org.apache.struts/struts2-core | = 2.3.24.3 |
pkg:maven/org.apache.struts/struts2-core | = 2.3.28.1 |
pkg:maven/org.apache.struts/struts2-core | = 2.3.20.3 |
- ID: MAVEN:GHSA-8C6J-FFMF-Q6VM
- Severity: high
- URL: https://github.com/advisories/GHSA-8c6j-ffmf-q6vm
- Published: 2022-05-14T00:54:14 (2 years ago)
- Modified: 2023-11-01T19:47:30 (10 months ago)
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.apache.struts/struts2-core | org.apache.struts | struts2-core | >= 2.3.21 <= 2.3.24.2 | | | |
Fixed | pkg:maven/org.apache.struts/struts2-core | org.apache.struts | struts2-core | = 2.3.24.3 | | | |
Affected | pkg:maven/org.apache.struts/struts2-core | org.apache.struts | struts2-core | >= 2.3.25 <= 2.3.28 | | | |
Fixed | pkg:maven/org.apache.struts/struts2-core | org.apache.struts | struts2-core | = 2.3.28.1 | | | |
Affected | pkg:maven/org.apache.struts/struts2-core | org.apache.struts | struts2-core | >= 2.3.19 <= 2.3.20.2 | | | |
Fixed | pkg:maven/org.apache.struts/struts2-core | org.apache.struts | struts2-core | = 2.3.20.3 | | | |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Publication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|