Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-config-browser-plugin@2.3.14
Typemaven
Namespaceorg.apache.struts
Namestruts2-config-browser-plugin
Version2.3.14
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.5.33
Latest_non_vulnerable_version6.3.0.2
Affected_by_vulnerabilities
0
url VCID-79j9-v8gz-rfax
vulnerability_id VCID-79j9-v8gz-rfax
summary 
Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
references
0
reference_url http://jvn.jp/en/jp/JVN43969166/index.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url http://jvn.jp/en/jp/JVN43969166/index.html
1
reference_url http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-17530
reference_id
reference_type
scores
0
value 0.94376
scoring_system epss
scoring_elements 0.99967
published_at 2026-04-13T12:55:00Z
1
value 0.94376
scoring_system epss
scoring_elements 0.99968
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-17530
4
reference_url https://cwiki.apache.org/confluence/display/WW/S2-061
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://cwiki.apache.org/confluence/display/WW/S2-061
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
7
reference_url https://security.netapp.com/advisory/ntap-20210115-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210115-0005
8
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530
9
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpuApr2021.html
10
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpuapr2022.html
11
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpujan2021.html
12
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpujan2022.html
13
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com//security-alerts/cpujul2021.html
14
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://www.oracle.com/security-alerts/cpuoct2021.html
15
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url http://www.openwall.com/lists/oss-security/2022/04/12/6
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1905645
reference_id 1905645
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1905645
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-17530
reference_id CVE-2020-17530
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-17530
18
reference_url https://github.com/advisories/GHSA-jc35-q369-45pv
reference_id GHSA-jc35-q369-45pv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jc35-q369-45pv
19
reference_url https://security.netapp.com/advisory/ntap-20210115-0005/
reference_id ntap-20210115-0005
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/
url https://security.netapp.com/advisory/ntap-20210115-0005/
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.26
purl pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.26
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gfxq-vtry-bqgg
1
vulnerability VCID-hgj2-vqzn-gyeb
2
vulnerability VCID-hpm1-euf1-vff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.26
aliases CVE-2020-17530, GHSA-jc35-q369-45pv
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax
1
url VCID-gfxq-vtry-bqgg
vulnerability_id VCID-gfxq-vtry-bqgg
summary 
Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
references
0
reference_url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
reference_id
reference_type
scores
0
value 0.92864
scoring_system epss
scoring_elements 0.99769
published_at 2026-04-18T12:55:00Z
1
value 0.93657
scoring_system epss
scoring_elements 0.99842
published_at 2026-04-07T12:55:00Z
2
value 0.93657
scoring_system epss
scoring_elements 0.99841
published_at 2026-04-02T12:55:00Z
3
value 0.93657
scoring_system epss
scoring_elements 0.99844
published_at 2026-04-13T12:55:00Z
4
value 0.93657
scoring_system epss
scoring_elements 0.99843
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-066
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-066
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
6
reference_url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
7
reference_url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
8
reference_url https://security.netapp.com/advisory/ntap-20231214-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0010
9
reference_url https://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/12/07/1
10
reference_url http://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/07/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id 2253938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
reference_id CVE-2023-50164
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
13
reference_url https://github.com/advisories/GHSA-2j39-qcjm-428w
reference_id GHSA-2j39-qcjm-428w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j39-qcjm-428w
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.33
purl pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.33
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.33
1
url pkg:maven/org.apache.struts/struts2-config-browser-plugin@6.3.0.2
purl pkg:maven/org.apache.struts/struts2-config-browser-plugin@6.3.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@6.3.0.2
aliases CVE-2023-50164, GHSA-2j39-qcjm-428w
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg
2
url VCID-hgj2-vqzn-gyeb
vulnerability_id VCID-hgj2-vqzn-gyeb
summary 
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
reference_id
reference_type
scores
0
value 0.93956
scoring_system epss
scoring_elements 0.99886
published_at 2026-04-18T12:55:00Z
1
value 0.93956
scoring_system epss
scoring_elements 0.99883
published_at 2026-04-07T12:55:00Z
2
value 0.93956
scoring_system epss
scoring_elements 0.99885
published_at 2026-04-13T12:55:00Z
3
value 0.93956
scoring_system epss
scoring_elements 0.99884
published_at 2026-04-12T12:55:00Z
4
value 0.93956
scoring_system epss
scoring_elements 0.99881
published_at 2026-04-01T12:55:00Z
5
value 0.93956
scoring_system epss
scoring_elements 0.99882
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-062
3
reference_url https://security.netapp.com/advisory/ntap-20220420-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220420-0001
4
reference_url https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220420-0001/
5
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
6
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/12/6
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id 2074788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
reference_id CVE-2021-31805
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
9
reference_url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
reference_id GHSA-v8j6-6c2r-r27c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.30
purl pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gfxq-vtry-bqgg
1
vulnerability VCID-hpm1-euf1-vff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.30
aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb
3
url VCID-hpm1-euf1-vff1
vulnerability_id VCID-hpm1-euf1-vff1
summary 
Incomplete Cleanup
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied.
Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41835.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41835.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41835
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.4515
published_at 2026-04-18T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45156
published_at 2026-04-16T12:55:00Z
2
value 0.00224
scoring_system epss
scoring_elements 0.45107
published_at 2026-04-13T12:55:00Z
3
value 0.00224
scoring_system epss
scoring_elements 0.45105
published_at 2026-04-12T12:55:00Z
4
value 0.00224
scoring_system epss
scoring_elements 0.45137
published_at 2026-04-11T12:55:00Z
5
value 0.00224
scoring_system epss
scoring_elements 0.45063
published_at 2026-04-07T12:55:00Z
6
value 0.00224
scoring_system epss
scoring_elements 0.45121
published_at 2026-04-04T12:55:00Z
7
value 0.00224
scoring_system epss
scoring_elements 0.45099
published_at 2026-04-02T12:55:00Z
8
value 0.00224
scoring_system epss
scoring_elements 0.45115
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41835
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
5
reference_url https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
6
reference_url https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
7
reference_url https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:55:29Z/
url https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
8
reference_url https://security.netapp.com/advisory/ntap-20231013-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231013-0001
9
reference_url https://www.openwall.com/lists/oss-security/2023/12/09/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:55:29Z/
url https://www.openwall.com/lists/oss-security/2023/12/09/1
10
reference_url http://www.openwall.com/lists/oss-security/2023/12/09/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/09/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252931
reference_id 2252931
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252931
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41835
reference_id CVE-2023-41835
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41835
13
reference_url https://github.com/advisories/GHSA-729q-fcgp-r5xh
reference_id GHSA-729q-fcgp-r5xh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-729q-fcgp-r5xh
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.32
purl pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.5.32
1
url pkg:maven/org.apache.struts/struts2-config-browser-plugin@6.3.0.1
purl pkg:maven/org.apache.struts/struts2-config-browser-plugin@6.3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@6.3.0.1
aliases CVE-2023-41835, GHSA-729q-fcgp-r5xh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hpm1-euf1-vff1
4
url VCID-qqm4-frqy-bua5
vulnerability_id VCID-qqm4-frqy-bua5
summary 
XSS via malicious action parameter
Multiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to `actionNames.action` and `showConfig.action` in `config-browser/`.
references
0
reference_url http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6348
reference_id
reference_type
scores
0
value 0.02766
scoring_system epss
scoring_elements 0.8605
published_at 2026-04-18T12:55:00Z
1
value 0.02766
scoring_system epss
scoring_elements 0.86046
published_at 2026-04-16T12:55:00Z
2
value 0.02766
scoring_system epss
scoring_elements 0.86028
published_at 2026-04-13T12:55:00Z
3
value 0.02766
scoring_system epss
scoring_elements 0.86033
published_at 2026-04-12T12:55:00Z
4
value 0.02766
scoring_system epss
scoring_elements 0.86035
published_at 2026-04-11T12:55:00Z
5
value 0.02766
scoring_system epss
scoring_elements 0.85991
published_at 2026-04-07T12:55:00Z
6
value 0.02766
scoring_system epss
scoring_elements 0.86011
published_at 2026-04-08T12:55:00Z
7
value 0.02766
scoring_system epss
scoring_elements 0.85965
published_at 2026-04-01T12:55:00Z
8
value 0.02766
scoring_system epss
scoring_elements 0.85976
published_at 2026-04-02T12:55:00Z
9
value 0.02766
scoring_system epss
scoring_elements 0.8602
published_at 2026-04-09T12:55:00Z
10
value 0.02766
scoring_system epss
scoring_elements 0.85992
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6348
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348
3
reference_url http://seclists.org/fulldisclosure/2013/Oct/244
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2013/Oct/244
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://issues.apache.org/jira/browse/WW-4213
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4213
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6348
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6348
7
reference_url https://security-tracker.debian.org/tracker/CVE-2013-6348
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-6348
8
reference_url https://svn.apache.org/viewvc?view=revision&revision=1533354
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://svn.apache.org/viewvc?view=revision&revision=1533354
9
reference_url https://ubuntu.com/security/CVE-2013-6348
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ubuntu.com/security/CVE-2013-6348
10
reference_url https://github.com/advisories/GHSA-3g8j-jj54-3vjg
reference_id GHSA-3g8j-jj54-3vjg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3g8j-jj54-3vjg
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.3.16
purl pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.3.16
aliases CVE-2013-6348, GHSA-3g8j-jj54-3vjg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqm4-frqy-bua5
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-config-browser-plugin@2.3.14