Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24

Type maven

Namespace org.apache.struts.xwork

Name xwork-core

Version 2.3.24

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-js22-usgt-8qd9

vulnerability_id VCID-js22-usgt-8qd9

summary Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000111

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000111

reference_url

http://jvn.jp/en/jp/JVN45093481/index.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN45093481/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4430.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4430.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4430

reference_id

reference_type

scores

value	0.01254
scoring_system	epss
scoring_elements	0.79359
published_at	2026-04-13T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.7937
published_at	2026-04-12T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79386
published_at	2026-04-11T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79362
published_at	2026-04-09T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79353
published_at	2026-04-08T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79327
published_at	2026-04-07T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79318
published_at	2026-04-02T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79392
published_at	2026-04-21T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79389
published_at	2026-04-18T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79391
published_at	2026-04-16T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79341
published_at	2026-04-04T12:55:00Z

value	0.01254
scoring_system	epss
scoring_elements	0.79311
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4430

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1348249

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1348249

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e

reference_url	https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/eccc31ebce5430f9e91b9684c63eaaf885e603f9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4430

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4430

reference_url

https://struts.apache.org/docs/s2-038.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-038.html

reference_url

https://web.archive.org/web/20210123144953/http://www.securityfocus.com/bid/91281

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123144953/http://www.securityfocus.com/bid/91281

reference_url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.securityfocus.com/bid/91281
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91281

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:::::::*

reference_url

https://github.com/advisories/GHSA-38qw-j787-v8c2

reference_id

GHSA-38qw-j787-v8c2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-38qw-j787-v8c2

fixed_packages

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29

aliases CVE-2016-4430, GHSA-38qw-j787-v8c2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-js22-usgt-8qd9

url

VCID-tgd1-s1yg-9fdt

vulnerability_id

VCID-tgd1-s1yg-9fdt

summary

Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07712
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07615
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0764
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07673
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07572
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07585
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0766
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07676
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0769
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07598
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07691
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-68493

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/

url

https://cwiki.apache.org/confluence/display/WW/S2-069

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68493

reference_url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/01/11/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id	2428559
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2428559

reference_url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

reference_id

GHSA-qcfc-hmrc-59x7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcfc-hmrc-59x7

fixed_packages

aliases

CVE-2025-68493, GHSA-qcfc-hmrc-59x7

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt

url VCID-zc1y-ff37-nqat

vulnerability_id VCID-zc1y-ff37-nqat

summary Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.

references

reference_url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000112

reference_url

http://jvn.jp/en/jp/JVN45093481/index.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://jvn.jp/en/jp/JVN45093481/index.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4433.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4433.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4433

reference_id

reference_type

scores

value	0.03516
scoring_system	epss
scoring_elements	0.87634
published_at	2026-04-13T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87647
published_at	2026-04-21T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87649
published_at	2026-04-16T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87602
published_at	2026-04-04T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87588
published_at	2026-04-02T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87579
published_at	2026-04-01T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.8765
published_at	2026-04-18T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87637
published_at	2026-04-12T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87642
published_at	2026-04-11T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.8763
published_at	2026-04-09T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87624
published_at	2026-04-08T12:55:00Z

value	0.03516
scoring_system	epss
scoring_elements	0.87604
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4433

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1348251

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1348251

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/b28b78c062f0bf3c79793a25aab8c9b6c12bce6e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4433

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4433

reference_url

https://struts.apache.org/docs/s2-039.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://struts.apache.org/docs/s2-039.html

reference_url

https://web.archive.org/web/20210123144955/http://www.securityfocus.com/bid/91282

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123144955/http://www.securityfocus.com/bid/91282

reference_url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282

reference_url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www-01.ibm.com/support/docview.wss?uid=swg21987854

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url	http://www.securityfocus.com/bid/91282
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91282

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.20.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.24.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_id	cpe:2.3:a:apache:struts:2.3.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:::::::*

reference_url

https://github.com/advisories/GHSA-wm8w-qp2f-728q

reference_id

GHSA-wm8w-qp2f-728q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wm8w-qp2f-728q

fixed_packages

url pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29

purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29

aliases CVE-2016-4433, GHSA-wm8w-qp2f-728q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zc1y-ff37-nqat

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts.xwork/xwork-core@2.3.24

Package Instance