Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-core@2.5.28
Typemaven
Namespaceorg.apache.struts
Namestruts2-core
Version2.5.28
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.8.0
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
0
url VCID-87fh-rvvb-6ubq
vulnerability_id VCID-87fh-rvvb-6ubq
summary 
Apache Struts file upload logic is flawed
File upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload. If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067 .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
reference_id
reference_type
scores
0
value 0.91785
scoring_system epss
scoring_elements 0.99684
published_at 2026-04-02T12:55:00Z
1
value 0.91785
scoring_system epss
scoring_elements 0.99685
published_at 2026-04-04T12:55:00Z
2
value 0.91785
scoring_system epss
scoring_elements 0.99686
published_at 2026-04-07T12:55:00Z
3
value 0.93053
scoring_system epss
scoring_elements 0.99788
published_at 2026-04-08T12:55:00Z
4
value 0.93053
scoring_system epss
scoring_elements 0.99789
published_at 2026-04-13T12:55:00Z
5
value 0.93053
scoring_system epss
scoring_elements 0.99791
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-067
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/
url https://cwiki.apache.org/confluence/display/WW/S2-067
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
6
reference_url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
7
reference_url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
9
reference_url https://security.netapp.com/advisory/ntap-20250103-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0005
10
reference_url https://struts.apache.org/core-developers/file-upload
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/core-developers/file-upload
11
reference_url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
reference_id 2331686
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
13
reference_url https://github.com/advisories/GHSA-43mq-6xmg-29vm
reference_id GHSA-43mq-6xmg-29vm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43mq-6xmg-29vm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.4.0
purl pkg:maven/org.apache.struts/struts2-core@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-95ts-vpk6-uubg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0
aliases CVE-2024-53677, GHSA-43mq-6xmg-29vm
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87fh-rvvb-6ubq
1
url VCID-95ts-vpk6-uubg
vulnerability_id VCID-95ts-vpk6-uubg
summary 
Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31685
published_at 2026-04-02T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31628
published_at 2026-04-09T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31599
published_at 2026-04-08T12:55:00Z
3
value 0.00124
scoring_system epss
scoring_elements 0.31547
published_at 2026-04-07T12:55:00Z
4
value 0.00124
scoring_system epss
scoring_elements 0.31729
published_at 2026-04-04T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40748
published_at 2026-04-18T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40786
published_at 2026-04-11T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40752
published_at 2026-04-12T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.40733
published_at 2026-04-13T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40778
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
1
reference_url https://cve.org/CVERecord?id=CVE-2025-64775
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cve.org/CVERecord?id=CVE-2025-64775
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-068
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cwiki.apache.org/confluence/display/WW/S2-068
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
reference_id CVE-2025-66675
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
6
reference_url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
reference_id GHSA-rg58-xhh7-mqjw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.8.0
purl pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0
1
url pkg:maven/org.apache.struts/struts2-core@7.1.1
purl pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1
aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg
2
url VCID-b7zy-qhz9-tuar
vulnerability_id VCID-b7zy-qhz9-tuar
summary 
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34149
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19623
published_at 2026-04-04T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19344
published_at 2026-04-07T12:55:00Z
2
value 0.00062
scoring_system epss
scoring_elements 0.19577
published_at 2026-04-02T12:55:00Z
3
value 0.00062
scoring_system epss
scoring_elements 0.19474
published_at 2026-04-09T12:55:00Z
4
value 0.00062
scoring_system epss
scoring_elements 0.19422
published_at 2026-04-08T12:55:00Z
5
value 0.00066
scoring_system epss
scoring_elements 0.20662
published_at 2026-04-11T12:55:00Z
6
value 0.00066
scoring_system epss
scoring_elements 0.2055
published_at 2026-04-18T12:55:00Z
7
value 0.00066
scoring_system epss
scoring_elements 0.20553
published_at 2026-04-16T12:55:00Z
8
value 0.00066
scoring_system epss
scoring_elements 0.20567
published_at 2026-04-13T12:55:00Z
9
value 0.00066
scoring_system epss
scoring_elements 0.2062
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34149
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-063
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/
url https://cwiki.apache.org/confluence/display/WW/S2-063
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
4
reference_url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
5
reference_url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
6
reference_url https://security.netapp.com/advisory/ntap-20230706-0005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230706-0005
7
reference_url http://www.openwall.com/lists/oss-security/2023/06/14/2
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/
url http://www.openwall.com/lists/oss-security/2023/06/14/2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34149
reference_id CVE-2023-34149
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34149
9
reference_url https://github.com/advisories/GHSA-8f6x-v685-g2xc
reference_id GHSA-8f6x-v685-g2xc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8f6x-v685-g2xc
10
reference_url https://security.netapp.com/advisory/ntap-20230706-0005/
reference_id ntap-20230706-0005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/
url https://security.netapp.com/advisory/ntap-20230706-0005/
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.31
purl pkg:maven/org.apache.struts/struts2-core@2.5.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
3
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31
1
url pkg:maven/org.apache.struts/struts2-core@6.1.2.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1
aliases CVE-2023-34149, GHSA-8f6x-v685-g2xc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7zy-qhz9-tuar
3
url VCID-dk2f-14xj-9bf8
vulnerability_id VCID-dk2f-14xj-9bf8
summary 
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34396
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30099
published_at 2026-04-07T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30232
published_at 2026-04-02T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30281
published_at 2026-04-04T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30194
published_at 2026-04-09T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30159
published_at 2026-04-08T12:55:00Z
5
value 0.00123
scoring_system epss
scoring_elements 0.3147
published_at 2026-04-11T12:55:00Z
6
value 0.00123
scoring_system epss
scoring_elements 0.31404
published_at 2026-04-18T12:55:00Z
7
value 0.00123
scoring_system epss
scoring_elements 0.31425
published_at 2026-04-16T12:55:00Z
8
value 0.00123
scoring_system epss
scoring_elements 0.31391
published_at 2026-04-13T12:55:00Z
9
value 0.00123
scoring_system epss
scoring_elements 0.31428
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34396
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-064
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/
url https://cwiki.apache.org/confluence/display/WW/S2-064
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
4
reference_url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
5
reference_url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
6
reference_url https://security.netapp.com/advisory/ntap-20230706-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230706-0005
7
reference_url http://www.openwall.com/lists/oss-security/2023/06/14/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/
url http://www.openwall.com/lists/oss-security/2023/06/14/3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34396
reference_id CVE-2023-34396
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34396
9
reference_url https://github.com/advisories/GHSA-4g42-gqrg-4633
reference_id GHSA-4g42-gqrg-4633
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4g42-gqrg-4633
10
reference_url https://security.netapp.com/advisory/ntap-20230706-0005/
reference_id ntap-20230706-0005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/
url https://security.netapp.com/advisory/ntap-20230706-0005/
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.31
purl pkg:maven/org.apache.struts/struts2-core@2.5.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
3
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31
1
url pkg:maven/org.apache.struts/struts2-core@6.1.2.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1
aliases CVE-2023-34396, GHSA-4g42-gqrg-4633
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dk2f-14xj-9bf8
4
url VCID-gfxq-vtry-bqgg
vulnerability_id VCID-gfxq-vtry-bqgg
summary 
Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
references
0
reference_url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
reference_id
reference_type
scores
0
value 0.92864
scoring_system epss
scoring_elements 0.99769
published_at 2026-04-18T12:55:00Z
1
value 0.93657
scoring_system epss
scoring_elements 0.99842
published_at 2026-04-07T12:55:00Z
2
value 0.93657
scoring_system epss
scoring_elements 0.99841
published_at 2026-04-02T12:55:00Z
3
value 0.93657
scoring_system epss
scoring_elements 0.99844
published_at 2026-04-13T12:55:00Z
4
value 0.93657
scoring_system epss
scoring_elements 0.99843
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-066
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-066
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
6
reference_url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
7
reference_url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
8
reference_url https://security.netapp.com/advisory/ntap-20231214-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0010
9
reference_url https://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/12/07/1
10
reference_url http://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/07/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id 2253938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
reference_id CVE-2023-50164
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
13
reference_url https://github.com/advisories/GHSA-2j39-qcjm-428w
reference_id GHSA-2j39-qcjm-428w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j39-qcjm-428w
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.33
purl pkg:maven/org.apache.struts/struts2-core@2.5.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-j8jv-hzsy-nyec
3
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33
1
url pkg:maven/org.apache.struts/struts2-core@6.3.0.2
purl pkg:maven/org.apache.struts/struts2-core@6.3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2
aliases CVE-2023-50164, GHSA-2j39-qcjm-428w
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg
5
url VCID-hgj2-vqzn-gyeb
vulnerability_id VCID-hgj2-vqzn-gyeb
summary 
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
reference_id
reference_type
scores
0
value 0.93956
scoring_system epss
scoring_elements 0.99886
published_at 2026-04-18T12:55:00Z
1
value 0.93956
scoring_system epss
scoring_elements 0.99883
published_at 2026-04-07T12:55:00Z
2
value 0.93956
scoring_system epss
scoring_elements 0.99885
published_at 2026-04-13T12:55:00Z
3
value 0.93956
scoring_system epss
scoring_elements 0.99884
published_at 2026-04-12T12:55:00Z
4
value 0.93956
scoring_system epss
scoring_elements 0.99881
published_at 2026-04-01T12:55:00Z
5
value 0.93956
scoring_system epss
scoring_elements 0.99882
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-062
3
reference_url https://security.netapp.com/advisory/ntap-20220420-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220420-0001
4
reference_url https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220420-0001/
5
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
6
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/12/6
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id 2074788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
reference_id CVE-2021-31805
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
9
reference_url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
reference_id GHSA-v8j6-6c2r-r27c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.30
purl pkg:maven/org.apache.struts/struts2-core@2.5.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-b7zy-qhz9-tuar
3
vulnerability VCID-dk2f-14xj-9bf8
4
vulnerability VCID-gfxq-vtry-bqgg
5
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30
aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb
6
url VCID-tgd1-s1yg-9fdt
vulnerability_id VCID-tgd1-s1yg-9fdt
summary 
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07572
published_at 2026-04-18T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07598
published_at 2026-04-02T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.0764
published_at 2026-04-04T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07615
published_at 2026-04-07T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07673
published_at 2026-04-08T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07691
published_at 2026-04-09T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.0769
published_at 2026-04-11T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07676
published_at 2026-04-12T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.0766
published_at 2026-04-13T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07585
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-069
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/
url https://cwiki.apache.org/confluence/display/WW/S2-069
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
5
reference_url http://www.openwall.com/lists/oss-security/2026/01/11/2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/01/11/2
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id 2428559
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
7
reference_url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
reference_id GHSA-qcfc-hmrc-59x7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.1.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-b7zy-qhz9-tuar
3
vulnerability VCID-dk2f-14xj-9bf8
4
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1
aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.28