Look up vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.2.3
Type maven
Namespace org.apache.struts
Name struts2-core
Version 2.2.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.5.11
Latest_non_vulnerable_version 7.1.1
Affected_by_vulnerabilities
0
url VCID-1exe-1vfk-f7bn
vulnerability_id VCID-1exe-1vfk-f7bn
summary
Allows open redirects
Multiple open redirect vulnerabilities in this package allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the `redirect:` or `redirectAction:` prefix.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2248
reference_id
reference_type
scores
0
value 0.91954
scoring_system epss
scoring_elements 0.99713
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2248
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6
3
reference_url https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e
4
reference_url https://issues.apache.org/jira/browse/WW-4140
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4140
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2248
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2248
6
reference_url http://struts.apache.org/docs/s2-017.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-017.html
7
reference_url http://struts.apache.org/release/2.3.x/docs/s2-017.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-017.html
8
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt
reference_id CVE-2013-2248;OSVDB-95406
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt
9
reference_url https://www.securityfocus.com/bid/61196/info
reference_id CVE-2013-2248;OSVDB-95406
reference_type exploit
scores
url https://www.securityfocus.com/bid/61196/info
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.15.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uv2-rvmy-53hk
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-84ge-vq7u-j3ar
3
vulnerability VCID-8jup-umjw-9ba4
4
vulnerability VCID-9mn7-d2mm-uqay
5
vulnerability VCID-dj42-wym9-nbhv
6
vulnerability VCID-dvxu-9sh6-qbef
7
vulnerability VCID-fwkj-x53j-yqd8
8
vulnerability VCID-ghqg-ae1b-w7br
9
vulnerability VCID-hrky-nmnv-g3eu
10
vulnerability VCID-kmqa-hsqy-muf1
11
vulnerability VCID-m39c-3bv2-6ugy
12
vulnerability VCID-mmth-7rgf-aqfa
13
vulnerability VCID-t1s3-f181-tqca
14
vulnerability VCID-vztu-pap6-37ev
15
vulnerability VCID-wtca-5ffw-w7bc
16
vulnerability VCID-z1jy-4da2-tyhk
17
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1
aliases CVE-2013-2248, GHSA-rpj9-r897-wc6q
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1exe-1vfk-f7bn
1
url VCID-1kjb-use6-23eu
vulnerability_id VCID-1kjb-use6-23eu
summary
Code Injection
Apache Struts allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both `${}` and `%{}` sequences, which causes the OGNL code to be evaluated twice.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2135
reference_id
reference_type
scores
0
value 0.83013
scoring_system epss
scoring_elements 0.99272
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2135
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-015
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-015
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
4
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
5
reference_url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
6
reference_url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
7
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
8
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
9
reference_url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
10
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
11
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
12
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
13
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
14
reference_url https://issues.apache.org/jira/browse/WW-4090
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4090
15
reference_url https://issues.apache.org/jira/browse/WW-4094
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4094
16
reference_url https://issues.apache.org/jira/browse/WW-4095
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4095
17
reference_url http://struts.apache.org/development/2.x/docs/s2-015.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-015.html
18
reference_url http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-015.html
19
reference_url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
20
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
21
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2135
reference_id CVE-2013-2135
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2135
23
reference_url https://github.com/advisories/GHSA-pw8r-x2qm-3h5m
reference_id GHSA-pw8r-x2qm-3h5m
reference_type
scores
url https://github.com/advisories/GHSA-pw8r-x2qm-3h5m
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1uv2-rvmy-53hk
2
vulnerability VCID-7uv9-4vy7-ryd1
3
vulnerability VCID-84ge-vq7u-j3ar
4
vulnerability VCID-8jup-umjw-9ba4
5
vulnerability VCID-9mn7-d2mm-uqay
6
vulnerability VCID-dj42-wym9-nbhv
7
vulnerability VCID-dvxu-9sh6-qbef
8
vulnerability VCID-fwkj-x53j-yqd8
9
vulnerability VCID-ghqg-ae1b-w7br
10
vulnerability VCID-hrky-nmnv-g3eu
11
vulnerability VCID-kmqa-hsqy-muf1
12
vulnerability VCID-m39c-3bv2-6ugy
13
vulnerability VCID-mmth-7rgf-aqfa
14
vulnerability VCID-t1s3-f181-tqca
15
vulnerability VCID-vztu-pap6-37ev
16
vulnerability VCID-wtca-5ffw-w7bc
17
vulnerability VCID-z1jy-4da2-tyhk
18
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3
aliases CVE-2013-2135, GHSA-pw8r-x2qm-3h5m
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kjb-use6-23eu
2
url VCID-1uv2-rvmy-53hk
vulnerability_id VCID-1uv2-rvmy-53hk
summary
Incomplete fix for ClassLoader manipulation via ParametersInterceptor
This package does not properly restrict access to the `getClass` method, which allows remote attackers to manipulate the `ClassLoader` and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
1
reference_url http://jvn.jp/en/jp/JVN19294237/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN19294237/index.html
2
reference_url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
3
reference_url https://access.redhat.com/errata/RHSA-2019:0910
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0910
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0112
reference_id
reference_type
scores
0
value 0.91467
scoring_system epss
scoring_elements 0.99682
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0112
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1091939
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1091939
7
reference_url https://cwiki.apache.org/confluence/display/WW/S2-021
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-021
8
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
9
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0112
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0112
11
reference_url http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-021.html
12
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112
13
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
14
reference_url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
15
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-9mn7-d2mm-uqay
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-dvxu-9sh6-qbef
4
vulnerability VCID-fwkj-x53j-yqd8
5
vulnerability VCID-ghqg-ae1b-w7br
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-m39c-3bv2-6ugy
8
vulnerability VCID-mmth-7rgf-aqfa
9
vulnerability VCID-t1s3-f181-tqca
10
vulnerability VCID-vztu-pap6-37ev
11
vulnerability VCID-wtca-5ffw-w7bc
12
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2
1
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t8h-s9mh-p7c4
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-9mn7-d2mm-uqay
3
vulnerability VCID-dj42-wym9-nbhv
4
vulnerability VCID-dvxu-9sh6-qbef
5
vulnerability VCID-fwkj-x53j-yqd8
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-mmth-7rgf-aqfa
8
vulnerability VCID-qdsq-8td3-5qa1
9
vulnerability VCID-vztu-pap6-37ev
10
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-0112, GHSA-prjv-jj26-wf8h
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uv2-rvmy-53hk
3
url VCID-4x3k-a11x-7bee
vulnerability_id VCID-4x3k-a11x-7bee
summary
Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags
This package allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the `includeParams` attribute in the URL or A tag.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1966
reference_id
reference_type
scores
0
value 0.91096
scoring_system epss
scoring_elements 0.9966
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1966
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=967656
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=967656
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-013
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-013
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56
6
reference_url http://struts.apache.org/development/2.x/docs/s2-013.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-013.html
7
reference_url http://struts.apache.org/docs/s2-013.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-013.html
8
reference_url http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-014.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1966
reference_id CVE-2013-1966
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1966
10
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
reference_id CVE-2013-2115;OSVDB-93645;CVE-2013-1966
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb
11
reference_url https://github.com/advisories/GHSA-737w-mh58-cxjp
reference_id GHSA-737w-mh58-cxjp
reference_type
scores
url https://github.com/advisories/GHSA-737w-mh58-cxjp
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1kjb-use6-23eu
2
vulnerability VCID-1uv2-rvmy-53hk
3
vulnerability VCID-447s-4ag7-gyes
4
vulnerability VCID-7uv9-4vy7-ryd1
5
vulnerability VCID-84ge-vq7u-j3ar
6
vulnerability VCID-89az-256b-mubw
7
vulnerability VCID-8jup-umjw-9ba4
8
vulnerability VCID-9mn7-d2mm-uqay
9
vulnerability VCID-dj42-wym9-nbhv
10
vulnerability VCID-dvxu-9sh6-qbef
11
vulnerability VCID-fwkj-x53j-yqd8
12
vulnerability VCID-ghqg-ae1b-w7br
13
vulnerability VCID-hrky-nmnv-g3eu
14
vulnerability VCID-kmqa-hsqy-muf1
15
vulnerability VCID-m39c-3bv2-6ugy
16
vulnerability VCID-mmth-7rgf-aqfa
17
vulnerability VCID-t1s3-f181-tqca
18
vulnerability VCID-vztu-pap6-37ev
19
vulnerability VCID-wtca-5ffw-w7bc
20
vulnerability VCID-z1jy-4da2-tyhk
21
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2
aliases CVE-2013-1966, GHSA-737w-mh58-cxjp
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4x3k-a11x-7bee
4
url VCID-7uv9-4vy7-ryd1
vulnerability_id VCID-7uv9-4vy7-ryd1
summary
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
Apache Struts contains a remote code execution vulnerability when using results with no namespace and its upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and its upper actions have no or wildcard namespace.
references
0
reference_url http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-11776
reference_id
reference_type
scores
0
value 0.94431
scoring_system epss
scoring_elements 0.99987
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-11776
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-057
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-057
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b
6
reference_url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e
7
reference_url https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72
8
reference_url https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d
9
reference_url https://lgtm.com/blog/apache_struts_CVE-2018-11776
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lgtm.com/blog/apache_struts_CVE-2018-11776
10
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
12
reference_url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012
13
reference_url https://security.netapp.com/advisory/ntap-20180822-0001
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180822-0001
14
reference_url https://security.netapp.com/advisory/ntap-20181018-0002
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181018-0002
15
reference_url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125
16
reference_url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888
17
reference_url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547
18
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776
19
reference_url https://www.exploit-db.com/exploits/45260
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45260
20
reference_url https://www.exploit-db.com/exploits/45262
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45262
21
reference_url https://www.exploit-db.com/exploits/45367
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/45367
22
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2020.html
23
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
24
reference_url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt
25
reference_url http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html
26
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
27
reference_url http://www.securityfocus.com/bid/105125
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/105125
28
reference_url http://www.securitytracker.com/id/1041547
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041547
29
reference_url http://www.securitytracker.com/id/1041888
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1041888
30
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1620019
reference_id 1620019
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1620019
31
reference_url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py
32
reference_url https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py
33
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py
34
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py
reference_id CVE-2018-11776
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py
35
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb
reference_id CVE-2018-11776
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb
36
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
reference_id CVE-2018-11776
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-11776
37
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb
reference_id CVE-2018-11776
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb
38
reference_url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
reference_id CVE-2018-11776-PYTHON-POC
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
39
reference_url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
reference_id GHSA-cr6j-3jp9-rw65
reference_type
scores
url https://github.com/advisories/GHSA-cr6j-3jp9-rw65
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.35
purl pkg:maven/org.apache.struts/struts2-core@2.3.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dj42-wym9-nbhv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35
1
url pkg:maven/org.apache.struts/struts2-core@2.5.17
purl pkg:maven/org.apache.struts/struts2-core@2.5.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17
aliases CVE-2018-11776, GHSA-cr6j-3jp9-rw65
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7uv9-4vy7-ryd1
5
url VCID-84ge-vq7u-j3ar
vulnerability_id VCID-84ge-vq7u-j3ar
summary
Incomplete fix for ClassLoader manipulation via ParametersInterceptor
The `ParametersInterceptor` in this package allows remote attackers to "manipulate" the `ClassLoader` via the `class` parameter, which is passed to the `getClass` method.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
1
reference_url http://jvn.jp/en/jp/JVN19294237/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN19294237/index.html
2
reference_url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0094
reference_id
reference_type
scores
0
value 0.93134
scoring_system epss
scoring_elements 0.998
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0094
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
7
reference_url https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
8
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
9
reference_url http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-021.html
10
reference_url http://struts.apache.org/release/2.3.x/docs/s2-020.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-020.html
11
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094
12
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
13
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
14
reference_url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
15
reference_url http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
16
reference_url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.vmware.com/security/advisories/VMSA-2014-0007.html
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1073716
reference_id 1073716
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1073716
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0094
reference_id CVE-2014-0094
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0094
19
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
reference_id CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb
20
reference_url https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
reference_id CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type exploit
scores
url https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb
21
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
reference_id CVE-2014-0114;CVE-2014-0112;CVE-2014-0094
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb
22
reference_url https://github.com/advisories/GHSA-vrwc-qjmw-5rjm
reference_id GHSA-vrwc-qjmw-5rjm
reference_type
scores
url https://github.com/advisories/GHSA-vrwc-qjmw-5rjm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-9mn7-d2mm-uqay
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-dvxu-9sh6-qbef
4
vulnerability VCID-fwkj-x53j-yqd8
5
vulnerability VCID-ghqg-ae1b-w7br
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-m39c-3bv2-6ugy
8
vulnerability VCID-mmth-7rgf-aqfa
9
vulnerability VCID-t1s3-f181-tqca
10
vulnerability VCID-vztu-pap6-37ev
11
vulnerability VCID-wtca-5ffw-w7bc
12
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2
aliases CVE-2014-0094, GHSA-vrwc-qjmw-5rjm
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84ge-vq7u-j3ar
6
url VCID-89az-256b-mubw
vulnerability_id VCID-89az-256b-mubw
summary
Code Injection
Apache Struts 2 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2134
reference_id
reference_type
scores
0
value 0.90936
scoring_system epss
scoring_elements 0.99648
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2134
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-015
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-015
2
reference_url http://security.gentoo.org/glsa/glsa-201409-04.xml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://security.gentoo.org/glsa/glsa-201409-04.xml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e
5
reference_url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0
6
reference_url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f
7
reference_url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c
8
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe
9
reference_url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3
10
reference_url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba
11
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3
12
reference_url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37
13
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1
14
reference_url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16
15
reference_url https://issues.apache.org/jira/browse/WW-4090
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4090
16
reference_url https://issues.apache.org/jira/browse/WW-4094
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4094
17
reference_url https://issues.apache.org/jira/browse/WW-4095
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4095
18
reference_url http://struts.apache.org/development/2.x/docs/s2-015.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-015.html
19
reference_url http://struts.apache.org/docs/s2-015.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-015.html
20
reference_url https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346
21
reference_url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758
22
reference_url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
23
reference_url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2134
reference_id CVE-2013-2134
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2134
25
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
reference_id CVE-2013-2134;OSVDB-93969
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt
26
reference_url https://www.securityfocus.com/bid/60345/info
reference_id CVE-2013-2134;OSVDB-93969
reference_type exploit
scores
url https://www.securityfocus.com/bid/60345/info
27
reference_url https://github.com/advisories/GHSA-gqqm-564f-vvxq
reference_id GHSA-gqqm-564f-vvxq
reference_type
scores
url https://github.com/advisories/GHSA-gqqm-564f-vvxq
28
reference_url https://security.gentoo.org/glsa/201409-04
reference_id GLSA-201409-04
reference_type
scores
url https://security.gentoo.org/glsa/201409-04
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1uv2-rvmy-53hk
2
vulnerability VCID-7uv9-4vy7-ryd1
3
vulnerability VCID-84ge-vq7u-j3ar
4
vulnerability VCID-8jup-umjw-9ba4
5
vulnerability VCID-9mn7-d2mm-uqay
6
vulnerability VCID-dj42-wym9-nbhv
7
vulnerability VCID-dvxu-9sh6-qbef
8
vulnerability VCID-fwkj-x53j-yqd8
9
vulnerability VCID-ghqg-ae1b-w7br
10
vulnerability VCID-hrky-nmnv-g3eu
11
vulnerability VCID-kmqa-hsqy-muf1
12
vulnerability VCID-m39c-3bv2-6ugy
13
vulnerability VCID-mmth-7rgf-aqfa
14
vulnerability VCID-t1s3-f181-tqca
15
vulnerability VCID-vztu-pap6-37ev
16
vulnerability VCID-wtca-5ffw-w7bc
17
vulnerability VCID-z1jy-4da2-tyhk
18
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3
aliases CVE-2013-2134, GHSA-gqqm-564f-vvxq
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89az-256b-mubw
7
url VCID-8jup-umjw-9ba4
vulnerability_id VCID-8jup-umjw-9ba4
summary
Classloader manipulation via CookieInterceptor
CookieInterceptor in this package, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0113
reference_id
reference_type
scores
0
value 0.82224
scoring_system epss
scoring_elements 0.99238
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0113
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-021
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-021
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0113
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0113
6
reference_url http://struts.apache.org/docs/s2-021.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-021.html
7
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113
8
reference_url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www-01.ibm.com/support/docview.wss?uid=swg21676706
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1092201
reference_id 1092201
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1092201
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-9mn7-d2mm-uqay
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-dvxu-9sh6-qbef
4
vulnerability VCID-fwkj-x53j-yqd8
5
vulnerability VCID-ghqg-ae1b-w7br
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-m39c-3bv2-6ugy
8
vulnerability VCID-mmth-7rgf-aqfa
9
vulnerability VCID-t1s3-f181-tqca
10
vulnerability VCID-vztu-pap6-37ev
11
vulnerability VCID-wtca-5ffw-w7bc
12
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2
1
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t8h-s9mh-p7c4
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-9mn7-d2mm-uqay
3
vulnerability VCID-dj42-wym9-nbhv
4
vulnerability VCID-dvxu-9sh6-qbef
5
vulnerability VCID-fwkj-x53j-yqd8
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-mmth-7rgf-aqfa
8
vulnerability VCID-qdsq-8td3-5qa1
9
vulnerability VCID-vztu-pap6-37ev
10
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-0113, GHSA-3c5c-xrq4-qhr8
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jup-umjw-9ba4
8
url VCID-9mn7-d2mm-uqay
vulnerability_id VCID-9mn7-d2mm-uqay
summary
Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the `URLDecoder` function in JRE, as used in Apache Struts, when using a single-byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a URL-encoded parameter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4003
reference_id
reference_type
scores
0
value 0.02629
scoring_system epss
scoring_elements 0.85969
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4003
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc
4
reference_url https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9
5
reference_url https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e
6
reference_url https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2
7
reference_url https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c
8
reference_url https://issues.apache.org/jira/browse/WW-4507
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4507
9
reference_url http://struts.apache.org/docs/s2-028.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-028.html
10
reference_url https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311
11
reference_url https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268
12
reference_url http://www.securityfocus.com/bid/86311
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/86311
13
reference_url http://www.securitytracker.com/id/1035268
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035268
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1326725
reference_id 1326725
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1326725
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4003
reference_id CVE-2016-4003
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4003
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-dj42-wym9-nbhv
2
vulnerability VCID-dvxu-9sh6-qbef
3
vulnerability VCID-hrky-nmnv-g3eu
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-qdsq-8td3-5qa1
6
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.28
purl pkg:maven/org.apache.struts/struts2-core@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6dfe-8yy4-kkfj
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-dvxu-9sh6-qbef
4
vulnerability VCID-hrky-nmnv-g3eu
5
vulnerability VCID-mmth-7rgf-aqfa
6
vulnerability VCID-qdsq-8td3-5qa1
7
vulnerability VCID-vztu-pap6-37ev
8
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28
aliases CVE-2016-4003, GHSA-m3x6-9v6h-4g28
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mn7-d2mm-uqay
9
url VCID-dj42-wym9-nbhv
vulnerability_id VCID-dj42-wym9-nbhv
summary
Improper Input Validation
The Apache Struts REST Plugin XStream library allows attackers to perform a DoS attack using a malicious request with a specially crafted XML payload.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1327
reference_id
reference_type
scores
0
value 0.0622
scoring_system epss
scoring_elements 0.91037
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1327
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-056
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-056
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa
5
reference_url https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4
6
reference_url https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323
7
reference_url https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E
9
reference_url https://security.netapp.com/advisory/ntap-20180330-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180330-0001
10
reference_url https://struts.apache.org/docs/s2-056.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-056.html
11
reference_url https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516
12
reference_url https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575
13
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
14
reference_url http://www.securityfocus.com/bid/103516
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103516
15
reference_url http://www.securitytracker.com/id/1040575
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1040575
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1561007
reference_id 1561007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1561007
17
reference_url https://access.redhat.com/security/cve/CVE-2018-1327
reference_id CVE-2018-1327
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2018-1327
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1327
reference_id CVE-2018-1327
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1327
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.16
purl pkg:maven/org.apache.struts/struts2-core@2.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16
aliases CVE-2018-1327, GHSA-38cr-2ph5-frr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dj42-wym9-nbhv
10
url VCID-dvxu-9sh6-qbef
vulnerability_id VCID-dvxu-9sh6-qbef
summary
Improper Input Validation
Using an unintentional expression in a Freemarker tag instead of string literals can lead to an RCE attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12611
reference_id
reference_type
scores
0
value 0.94228
scoring_system epss
scoring_elements 0.99929
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12611
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa
4
reference_url https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f
5
reference_url https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001
6
reference_url https://struts.apache.org/docs/s2-053.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-053.html
7
reference_url https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829
8
reference_url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt
9
reference_url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
10
reference_url http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100829
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1489478
reference_id 1489478
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1489478
12
reference_url https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py
reference_id CVE-2017-12611
reference_type exploit
scores
url https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py
13
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py
reference_id CVE-2017-12611
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
reference_id CVE-2017-12611
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-9mn7-d2mm-uqay
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-fwkj-x53j-yqd8
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-qdsq-8td3-5qa1
6
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.34
purl pkg:maven/org.apache.struts/struts2-core@2.3.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-dj42-wym9-nbhv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34
2
url pkg:maven/org.apache.struts/struts2-core@2.5.10.1
purl pkg:maven/org.apache.struts/struts2-core@2.5.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21k4-5a8r-7bd9
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-hrky-nmnv-g3eu
4
vulnerability VCID-mmth-7rgf-aqfa
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1
3
url pkg:maven/org.apache.struts/struts2-core@2.5.11
purl pkg:maven/org.apache.struts/struts2-core@2.5.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11
4
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-dj42-wym9-nbhv
2
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-12611, GHSA-8fx9-5hx8-crhm
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvxu-9sh6-qbef
11
url VCID-fwkj-x53j-yqd8
vulnerability_id VCID-fwkj-x53j-yqd8
summary
Manipulation of Struts internals
This package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5209
reference_id
reference_type
scores
0
value 0.01362
scoring_system epss
scoring_elements 0.80507
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5209
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5209
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5209
2
reference_url https://security.netapp.com/advisory/ntap-20180629-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0002
3
reference_url https://struts.apache.org/docs/s2-026.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-026.html
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.24.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6dfe-8yy4-kkfj
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-9mn7-d2mm-uqay
3
vulnerability VCID-dj42-wym9-nbhv
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-q2ad-khtm-nqdr
6
vulnerability VCID-qdsq-8td3-5qa1
7
vulnerability VCID-vztu-pap6-37ev
8
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1
aliases CVE-2015-5209, GHSA-4qgj-9mvg-3929
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fwkj-x53j-yqd8
12
url VCID-ghqg-ae1b-w7br
vulnerability_id VCID-ghqg-ae1b-w7br
summary
Classloader manipulation via CookieInterceptor
CookieInterceptor in this package, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0116
reference_id
reference_type
scores
0
value 0.02831
scoring_system epss
scoring_elements 0.8645
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0116
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02
4
reference_url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0116
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0116
6
reference_url http://struts.apache.org/docs/s2-022.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-022.html
7
reference_url http://struts.apache.org/release/2.3.x/docs/s2-022.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-022.html
8
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116
9
reference_url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1094558
reference_id 1094558
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1094558
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.16.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.16.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-9mn7-d2mm-uqay
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-dvxu-9sh6-qbef
4
vulnerability VCID-fwkj-x53j-yqd8
5
vulnerability VCID-hrky-nmnv-g3eu
6
vulnerability VCID-m39c-3bv2-6ugy
7
vulnerability VCID-mmth-7rgf-aqfa
8
vulnerability VCID-t1s3-f181-tqca
9
vulnerability VCID-vztu-pap6-37ev
10
vulnerability VCID-wtca-5ffw-w7bc
11
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t8h-s9mh-p7c4
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-9mn7-d2mm-uqay
3
vulnerability VCID-dj42-wym9-nbhv
4
vulnerability VCID-dvxu-9sh6-qbef
5
vulnerability VCID-fwkj-x53j-yqd8
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-mmth-7rgf-aqfa
8
vulnerability VCID-qdsq-8td3-5qa1
9
vulnerability VCID-vztu-pap6-37ev
10
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-0116, GHSA-hmhq-382q-mp56
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghqg-ae1b-w7br
13
url VCID-kc4z-fnyk-tkdu
vulnerability_id VCID-kc4z-fnyk-tkdu
summary
OGNL expression unexpected evaluation on conversion error
This package evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012
1
reference_url http://jvn.jp/en/jp/JVN79099262/index.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN79099262/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0838
reference_id
reference_type
scores
0
value 0.11109
scoring_system epss
scoring_elements 0.93605
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0838
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e
6
reference_url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b
7
reference_url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892
8
reference_url https://issues.apache.org/jira/browse/WW-3668
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3668
9
reference_url http://struts.apache.org/2.3.1.2/docs/s2-007.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.3.1.2/docs/s2-007.html
10
reference_url http://struts.apache.org/docs/s2-007.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-007.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=799980
reference_id 799980
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=799980
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-0838
reference_id CVE-2012-0838
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-0838
13
reference_url https://github.com/advisories/GHSA-mwrx-hx6x-3hhv
reference_id GHSA-mwrx-hx6x-3hhv
reference_type
scores
url https://github.com/advisories/GHSA-mwrx-hx6x-3hhv
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.3.1
purl pkg:maven/org.apache.struts/struts2-core@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1kjb-use6-23eu
2
vulnerability VCID-1uv2-rvmy-53hk
3
vulnerability VCID-4x3k-a11x-7bee
4
vulnerability VCID-7uv9-4vy7-ryd1
5
vulnerability VCID-84ge-vq7u-j3ar
6
vulnerability VCID-89az-256b-mubw
7
vulnerability VCID-8jup-umjw-9ba4
8
vulnerability VCID-9mn7-d2mm-uqay
9
vulnerability VCID-dj42-wym9-nbhv
10
vulnerability VCID-dvxu-9sh6-qbef
11
vulnerability VCID-fwkj-x53j-yqd8
12
vulnerability VCID-ghqg-ae1b-w7br
13
vulnerability VCID-kcy9-3d45-23b1
14
vulnerability VCID-kmqa-hsqy-muf1
15
vulnerability VCID-m39c-3bv2-6ugy
16
vulnerability VCID-t1s3-f181-tqca
17
vulnerability VCID-tqxu-gna6-j3ff
18
vulnerability VCID-wsvw-qwt7-qbg1
19
vulnerability VCID-wtca-5ffw-w7bc
20
vulnerability VCID-xd9a-gdh3-97ar
21
vulnerability VCID-z1jy-4da2-tyhk
22
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1
aliases CVE-2012-0838, GHSA-mwrx-hx6x-3hhv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kc4z-fnyk-tkdu
14
url VCID-kcy9-3d45-23b1
vulnerability_id VCID-kcy9-3d45-23b1
summary
Long parameter name DoS
This package allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4387
reference_id
reference_type
scores
0
value 0.07916
scoring_system epss
scoring_elements 0.92183
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4387
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78183
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78183
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9
4
reference_url https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa
5
reference_url https://issues.apache.org/jira/browse/WW-3860
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3860
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4387
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4387
7
reference_url http://struts.apache.org/2.x/docs/s2-011.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-011.html
8
reference_url http://struts.apache.org/docs/s2-011.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-011.html
9
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/4
10
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/5
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.4.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1kjb-use6-23eu
2
vulnerability VCID-1uv2-rvmy-53hk
3
vulnerability VCID-4x3k-a11x-7bee
4
vulnerability VCID-7uv9-4vy7-ryd1
5
vulnerability VCID-84ge-vq7u-j3ar
6
vulnerability VCID-89az-256b-mubw
7
vulnerability VCID-8jup-umjw-9ba4
8
vulnerability VCID-9mn7-d2mm-uqay
9
vulnerability VCID-dj42-wym9-nbhv
10
vulnerability VCID-dvxu-9sh6-qbef
11
vulnerability VCID-fwkj-x53j-yqd8
12
vulnerability VCID-ghqg-ae1b-w7br
13
vulnerability VCID-kmqa-hsqy-muf1
14
vulnerability VCID-m39c-3bv2-6ugy
15
vulnerability VCID-t1s3-f181-tqca
16
vulnerability VCID-vztu-pap6-37ev
17
vulnerability VCID-wsvw-qwt7-qbg1
18
vulnerability VCID-wtca-5ffw-w7bc
19
vulnerability VCID-z1jy-4da2-tyhk
20
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1
aliases CVE-2012-4387, GHSA-hrgc-54mv-58gv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcy9-3d45-23b1
15
url VCID-kmqa-hsqy-muf1
vulnerability_id VCID-kmqa-hsqy-muf1
summary
Broken Access Control Vulnerability
This package allows remote attackers to bypass access controls via a crafted `action:` prefix.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4310
reference_id
reference_type
scores
0
value 0.08725
scoring_system epss
scoring_elements 0.92641
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4310
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4310
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4310
5
reference_url http://struts.apache.org/docs/s2-018.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-018.html
6
reference_url http://struts.apache.org/release/2.3.x/docs/s2-018.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-018.html
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1013030
reference_id 1013030
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1013030
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.15.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uv2-rvmy-53hk
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-84ge-vq7u-j3ar
3
vulnerability VCID-8jup-umjw-9ba4
4
vulnerability VCID-9mn7-d2mm-uqay
5
vulnerability VCID-dj42-wym9-nbhv
6
vulnerability VCID-dvxu-9sh6-qbef
7
vulnerability VCID-fwkj-x53j-yqd8
8
vulnerability VCID-ghqg-ae1b-w7br
9
vulnerability VCID-hrky-nmnv-g3eu
10
vulnerability VCID-m39c-3bv2-6ugy
11
vulnerability VCID-mmth-7rgf-aqfa
12
vulnerability VCID-t1s3-f181-tqca
13
vulnerability VCID-vztu-pap6-37ev
14
vulnerability VCID-wtca-5ffw-w7bc
15
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3
aliases CVE-2013-4310, GHSA-q5q8-jghf-3pm3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmqa-hsqy-muf1
16
url VCID-m39c-3bv2-6ugy
vulnerability_id VCID-m39c-3bv2-6ugy
summary
Cross-Site Scripting vulnerability on "Problem Report" screen
When Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.
references
0
reference_url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html
1
reference_url http://jvn.jp/en/jp/JVN95989300/index.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN95989300/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5169
reference_id
reference_type
scores
0
value 0.01198
scoring_system epss
scoring_elements 0.79222
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5169
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1260087
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1260087
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5169
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5169
7
reference_url https://security.netapp.com/advisory/ntap-20180629-0003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0003
8
reference_url https://struts.apache.org/docs/s2-025.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-025.html
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t8h-s9mh-p7c4
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-9mn7-d2mm-uqay
3
vulnerability VCID-dj42-wym9-nbhv
4
vulnerability VCID-dvxu-9sh6-qbef
5
vulnerability VCID-fwkj-x53j-yqd8
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-mmth-7rgf-aqfa
8
vulnerability VCID-qdsq-8td3-5qa1
9
vulnerability VCID-vztu-pap6-37ev
10
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2015-5169, GHSA-vwhv-j36g-5rm8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m39c-3bv2-6ugy
17
url VCID-t1s3-f181-tqca
vulnerability_id VCID-t1s3-f181-tqca
summary
Cross-site Scripting
Apache Struts has a cross-site scripting (XSS) vulnerability.
references
0
reference_url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html
1
reference_url http://jvn.jp/en/jp/JVN88408929/index.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN88408929/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-2992
reference_id
reference_type
scores
0
value 0.00992
scoring_system epss
scoring_elements 0.77248
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-2992
4
reference_url https://cwiki.apache.org/confluence/display/WW/S2-025
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-025
5
reference_url https://cwiki.apache.org/confluence/display/WW/Security
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/Security
6
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
7
reference_url https://security.netapp.com/advisory/ntap-20200330-0001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200330-0001
8
reference_url http://www.securityfocus.com/bid/76624
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/76624
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1260101
reference_id 1260101
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1260101
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-2992
reference_id CVE-2015-2992
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-2992
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t8h-s9mh-p7c4
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-9mn7-d2mm-uqay
3
vulnerability VCID-dj42-wym9-nbhv
4
vulnerability VCID-dvxu-9sh6-qbef
5
vulnerability VCID-fwkj-x53j-yqd8
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-mmth-7rgf-aqfa
8
vulnerability VCID-qdsq-8td3-5qa1
9
vulnerability VCID-vztu-pap6-37ev
10
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2015-2992, GHSA-265r-pp83-gww7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1s3-f181-tqca
18
url VCID-tqxu-gna6-j3ff
vulnerability_id VCID-tqxu-gna6-j3ff
summary
Remote code execution via OGNL injection in HTTP parameter values
OGNL provides, among other features, extensive expression evaluation capabilities. The vulnerability allows a malicious user to bypass all the protections (regex pattern, deny method invocation) built into the `ParametersInterceptor`, thus being able to inject a malicious expression in any exposed string variable for further evaluation.
references
0
reference_url http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3923
reference_id
reference_type
scores
0
value 0.91054
scoring_system epss
scoring_elements 0.99656
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3923
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/72585
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/72585
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-3923
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-3923
5
reference_url https://security-tracker.debian.org/tracker/CVE-2011-3923
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2011-3923
6
reference_url http://struts.apache.org/development/2.x/docs/s2-009.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-009.html
7
reference_url http://struts.apache.org/docs/s2-009.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-009.html
8
reference_url https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb
reference_id CVE-2011-3923;OSVDB-78501
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.1.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1kjb-use6-23eu
2
vulnerability VCID-1uv2-rvmy-53hk
3
vulnerability VCID-4x3k-a11x-7bee
4
vulnerability VCID-7uv9-4vy7-ryd1
5
vulnerability VCID-84ge-vq7u-j3ar
6
vulnerability VCID-89az-256b-mubw
7
vulnerability VCID-8jup-umjw-9ba4
8
vulnerability VCID-9mn7-d2mm-uqay
9
vulnerability VCID-dj42-wym9-nbhv
10
vulnerability VCID-dvxu-9sh6-qbef
11
vulnerability VCID-fwkj-x53j-yqd8
12
vulnerability VCID-ghqg-ae1b-w7br
13
vulnerability VCID-kcy9-3d45-23b1
14
vulnerability VCID-kmqa-hsqy-muf1
15
vulnerability VCID-m39c-3bv2-6ugy
16
vulnerability VCID-t1s3-f181-tqca
17
vulnerability VCID-vztu-pap6-37ev
18
vulnerability VCID-wsvw-qwt7-qbg1
19
vulnerability VCID-wtca-5ffw-w7bc
20
vulnerability VCID-xd9a-gdh3-97ar
21
vulnerability VCID-z1jy-4da2-tyhk
22
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2
aliases CVE-2011-3923, GHSA-j68f-8h6p-9h5q
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tqxu-gna6-j3ff
19
url VCID-wsvw-qwt7-qbg1
vulnerability_id VCID-wsvw-qwt7-qbg1
summary
Remote command execution due to flaw in the includeParams attribute of URL and Anchor tags
This package allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the URL or A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2115
reference_id
reference_type
scores
0
value 0.8761
scoring_system epss
scoring_elements 0.99481
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2115
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=967656
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=967656
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-013
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-013
4
reference_url https://cwiki.apache.org/confluence/display/WW/S2-014
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-014
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650
7
reference_url https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d
8
reference_url https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6
9
reference_url https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474
10
reference_url https://issues.apache.org/jira/browse/WW-4063
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-4063
11
reference_url http://struts.apache.org/development/2.x/docs/s2-014.html
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/development/2.x/docs/s2-014.html
12
reference_url http://struts.apache.org/docs/s2-014.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-014.html
13
reference_url https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2115
reference_id CVE-2013-2115
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2115
15
reference_url https://github.com/advisories/GHSA-7ghm-rpc7-p7g5
reference_id GHSA-7ghm-rpc7-p7g5
reference_type
scores
url https://github.com/advisories/GHSA-7ghm-rpc7-p7g5
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.14.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1kjb-use6-23eu
2
vulnerability VCID-1uv2-rvmy-53hk
3
vulnerability VCID-447s-4ag7-gyes
4
vulnerability VCID-7uv9-4vy7-ryd1
5
vulnerability VCID-84ge-vq7u-j3ar
6
vulnerability VCID-89az-256b-mubw
7
vulnerability VCID-8jup-umjw-9ba4
8
vulnerability VCID-9mn7-d2mm-uqay
9
vulnerability VCID-dj42-wym9-nbhv
10
vulnerability VCID-dvxu-9sh6-qbef
11
vulnerability VCID-fwkj-x53j-yqd8
12
vulnerability VCID-ghqg-ae1b-w7br
13
vulnerability VCID-hrky-nmnv-g3eu
14
vulnerability VCID-kmqa-hsqy-muf1
15
vulnerability VCID-m39c-3bv2-6ugy
16
vulnerability VCID-mmth-7rgf-aqfa
17
vulnerability VCID-t1s3-f181-tqca
18
vulnerability VCID-vztu-pap6-37ev
19
vulnerability VCID-wtca-5ffw-w7bc
20
vulnerability VCID-z1jy-4da2-tyhk
21
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2
aliases CVE-2013-2115, GHSA-7ghm-rpc7-p7g5
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsvw-qwt7-qbg1
20
url VCID-wtca-5ffw-w7bc
vulnerability_id VCID-wtca-5ffw-w7bc
summary
Predictable CSRF token
This package uses predictable `<s:token/>` values, which allows remote attackers to bypass the CSRF protection mechanism.
references
0
reference_url http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
reference_id
reference_type
scores
url http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
1
reference_url http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7809
reference_id
reference_type
scores
0
value 0.07545
scoring_system epss
scoring_elements 0.91966
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7809
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7809
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7809
7
reference_url http://struts.apache.org/docs/s2-023.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-023.html
8
reference_url https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309
9
reference_url https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548
10
reference_url https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded
11
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1172133
reference_id 1172133
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1172133
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20
purl pkg:maven/org.apache.struts/struts2-core@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4t8h-s9mh-p7c4
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-9mn7-d2mm-uqay
3
vulnerability VCID-dj42-wym9-nbhv
4
vulnerability VCID-dvxu-9sh6-qbef
5
vulnerability VCID-fwkj-x53j-yqd8
6
vulnerability VCID-hrky-nmnv-g3eu
7
vulnerability VCID-mmth-7rgf-aqfa
8
vulnerability VCID-qdsq-8td3-5qa1
9
vulnerability VCID-vztu-pap6-37ev
10
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20
aliases CVE-2014-7809, GHSA-h4v9-jf2r-9h6m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtca-5ffw-w7bc
21
url VCID-xd9a-gdh3-97ar
vulnerability_id VCID-xd9a-gdh3-97ar
summary
CSRF protection bypass
The token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4386
reference_id
reference_type
scores
0
value 0.03235
scoring_system epss
scoring_elements 0.87315
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4386
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78182
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78182
2
reference_url https://issues.apache.org/jira/browse/WW-3858
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3858
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4386
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4386
4
reference_url http://struts.apache.org/2.x/docs/s2-010.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-010.html
5
reference_url http://struts.apache.org/docs/s2-010.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-010.html
6
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/4
7
reference_url http://www.openwall.com/lists/oss-security/2012/09/01/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/01/5
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.4.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1kjb-use6-23eu
2
vulnerability VCID-1uv2-rvmy-53hk
3
vulnerability VCID-4x3k-a11x-7bee
4
vulnerability VCID-7uv9-4vy7-ryd1
5
vulnerability VCID-84ge-vq7u-j3ar
6
vulnerability VCID-89az-256b-mubw
7
vulnerability VCID-8jup-umjw-9ba4
8
vulnerability VCID-9mn7-d2mm-uqay
9
vulnerability VCID-dj42-wym9-nbhv
10
vulnerability VCID-dvxu-9sh6-qbef
11
vulnerability VCID-fwkj-x53j-yqd8
12
vulnerability VCID-ghqg-ae1b-w7br
13
vulnerability VCID-kmqa-hsqy-muf1
14
vulnerability VCID-m39c-3bv2-6ugy
15
vulnerability VCID-t1s3-f181-tqca
16
vulnerability VCID-vztu-pap6-37ev
17
vulnerability VCID-wsvw-qwt7-qbg1
18
vulnerability VCID-wtca-5ffw-w7bc
19
vulnerability VCID-z1jy-4da2-tyhk
20
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1
aliases CVE-2012-4386, GHSA-2rvh-q539-q33v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd9a-gdh3-97ar
22
url VCID-z1jy-4da2-tyhk
vulnerability_id VCID-z1jy-4da2-tyhk
summary
Improper Input Validation
`XSLTResult` in Apache Struts allows remote attackers to execute arbitrary code via the stylesheet location parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-3082
reference_id
reference_type
scores
0
value 0.24626
scoring_system epss
scoring_elements 0.96233
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-3082
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f
3
reference_url http://struts.apache.org/docs/s2-031.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-031.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
reference_id CVE-2016-3082
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-9mn7-d2mm-uqay
2
vulnerability VCID-dj42-wym9-nbhv
3
vulnerability VCID-fwkj-x53j-yqd8
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-qdsq-8td3-5qa1
6
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-dj42-wym9-nbhv
2
vulnerability VCID-dvxu-9sh6-qbef
3
vulnerability VCID-hrky-nmnv-g3eu
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-qdsq-8td3-5qa1
6
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
2
url pkg:maven/org.apache.struts/struts2-core@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7uv9-4vy7-ryd1
1
vulnerability VCID-dj42-wym9-nbhv
2
vulnerability VCID-dvxu-9sh6-qbef
3
vulnerability VCID-hrky-nmnv-g3eu
4
vulnerability VCID-mmth-7rgf-aqfa
5
vulnerability VCID-qdsq-8td3-5qa1
6
vulnerability VCID-vztu-pap6-37ev
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1
aliases CVE-2016-3082, GHSA-pvm9-288c-v5wq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jy-4da2-tyhk
23
url VCID-z6wr-3psx-dbfm
vulnerability_id VCID-z6wr-3psx-dbfm
summary This package enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
references
0
reference_url http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4316
reference_id
reference_type
scores
0
value 0.06168
scoring_system epss
scoring_elements 0.90991
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4316
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1
5
reference_url https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4316
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4316
7
reference_url http://struts.apache.org/docs/s2-019.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-019.html
8
reference_url http://struts.apache.org/release/2.3.x/docs/s2-019.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/release/2.3.x/docs/s2-019.html
9
reference_url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316
reference_id
reference_type
scores
url https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1013036
reference_id 1013036
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1013036
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.15.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uv2-rvmy-53hk
1
vulnerability VCID-7uv9-4vy7-ryd1
2
vulnerability VCID-84ge-vq7u-j3ar
3
vulnerability VCID-8jup-umjw-9ba4
4
vulnerability VCID-9mn7-d2mm-uqay
5
vulnerability VCID-dj42-wym9-nbhv
6
vulnerability VCID-dvxu-9sh6-qbef
7
vulnerability VCID-fwkj-x53j-yqd8
8
vulnerability VCID-ghqg-ae1b-w7br
9
vulnerability VCID-hrky-nmnv-g3eu
10
vulnerability VCID-kmqa-hsqy-muf1
11
vulnerability VCID-m39c-3bv2-6ugy
12
vulnerability VCID-mmth-7rgf-aqfa
13
vulnerability VCID-t1s3-f181-tqca
14
vulnerability VCID-vztu-pap6-37ev
15
vulnerability VCID-wtca-5ffw-w7bc
16
vulnerability VCID-z1jy-4da2-tyhk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2
aliases CVE-2013-4316, GHSA-j7h6-xr7g-m2c5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6wr-3psx-dbfm
Fixing_vulnerabilities
0
url VCID-emya-8et9-n7a9
vulnerability_id VCID-emya-8et9-n7a9
summary
Multiple XSS flaws in XWork
Multiple cross-site scripting (XSS) vulnerabilities in XWork allow remote attackers to inject arbitrary web script or HTML via vectors involving an action name, the action attribute of an `s:submit` element, or the method attribute of an `s:submit` element.
references
0
reference_url http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106
1
reference_url http://jvn.jp/en/jp/JVN25435092/index.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://jvn.jp/en/jp/JVN25435092/index.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1772
reference_id
reference_type
scores
0
value 0.59227
scoring_system epss
scoring_elements 0.98269
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1772
4
reference_url http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html
5
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
6
reference_url https://issues.apache.org/jira/browse/WW-3579
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://issues.apache.org/jira/browse/WW-3579
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1772
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1772
8
reference_url http://struts.apache.org/2.2.3/docs/version-notes-223.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.2.3/docs/version-notes-223.html
9
reference_url http://struts.apache.org/2.x/docs/s2-006.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/2.x/docs/s2-006.html
10
reference_url http://struts.apache.org/docs/s2-006.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-006.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=723827
reference_id 723827
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=723827
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt
reference_id CVE-2011-1772;OSVDB-72238
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt
13
reference_url https://www.securityfocus.com/bid/47784/info
reference_id CVE-2011-1772;OSVDB-72238
reference_type exploit
scores
url https://www.securityfocus.com/bid/47784/info
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.2.3
purl pkg:maven/org.apache.struts/struts2-core@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1exe-1vfk-f7bn
1
vulnerability VCID-1kjb-use6-23eu
2
vulnerability VCID-1uv2-rvmy-53hk
3
vulnerability VCID-4x3k-a11x-7bee
4
vulnerability VCID-7uv9-4vy7-ryd1
5
vulnerability VCID-84ge-vq7u-j3ar
6
vulnerability VCID-89az-256b-mubw
7
vulnerability VCID-8jup-umjw-9ba4
8
vulnerability VCID-9mn7-d2mm-uqay
9
vulnerability VCID-dj42-wym9-nbhv
10
vulnerability VCID-dvxu-9sh6-qbef
11
vulnerability VCID-fwkj-x53j-yqd8
12
vulnerability VCID-ghqg-ae1b-w7br
13
vulnerability VCID-kc4z-fnyk-tkdu
14
vulnerability VCID-kcy9-3d45-23b1
15
vulnerability VCID-kmqa-hsqy-muf1
16
vulnerability VCID-m39c-3bv2-6ugy
17
vulnerability VCID-t1s3-f181-tqca
18
vulnerability VCID-tqxu-gna6-j3ff
19
vulnerability VCID-wsvw-qwt7-qbg1
20
vulnerability VCID-wtca-5ffw-w7bc
21
vulnerability VCID-xd9a-gdh3-97ar
22
vulnerability VCID-z1jy-4da2-tyhk
23
vulnerability VCID-z6wr-3psx-dbfm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3
aliases CVE-2011-1772, GHSA-56f8-g68r-j699
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emya-8et9-n7a9
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3