Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/51615?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/51615?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.8", "type": "maven", "namespace": "org.apache.struts", "name": "struts2-core", "version": "2.3.8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.8.0", "latest_non_vulnerable_version": "7.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/270595?format=api", "vulnerability_id": "VCID-1tfj-xmkp-bbfr", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93188", "scoring_system": "epss", "scoring_elements": "0.99807", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-067", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-067" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854" }, { "reference_url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78" }, { "reference_url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250103-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250103-0005" }, { "reference_url": "https://struts.apache.org/core-developers/file-upload", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/core-developers/file-upload" }, { "reference_url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686", "reference_id": "2331686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686" }, { "reference_url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm", "reference_id": "GHSA-43mq-6xmg-29vm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187437?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nfn8-r3bb-kka7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0" } ], "aliases": [ "CVE-2024-53677", "GHSA-43mq-6xmg-29vm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1tfj-xmkp-bbfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9993?format=api", "vulnerability_id": "VCID-1xhe-mz8d-eyem", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94431", "scoring_system": "epss", "scoring_elements": "0.99986", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-057", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-057" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b" }, { "reference_url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e" }, { "reference_url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72" }, { "reference_url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d" }, { "reference_url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002" }, { "reference_url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125" }, { "reference_url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776" }, { "reference_url": "https://www.exploit-db.com/exploits/45260", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45260" }, { "reference_url": "https://www.exploit-db.com/exploits/45262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45262" }, { "reference_url": "https://www.exploit-db.com/exploits/45367", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45367" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securityfocus.com/bid/105125" }, { "reference_url": "http://www.securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041547" }, { "reference_url": "http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019", "reference_id": "1620019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019" }, { "reference_url": "https://www.exploit-db.com/exploits/45260/", "reference_id": "45260", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45260/" }, { "reference_url": "https://www.exploit-db.com/exploits/45262/", "reference_id": "45262", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45262/" }, { "reference_url": "https://www.exploit-db.com/exploits/45367/", "reference_id": "45367", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45367/" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py" }, { "reference_url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776", "reference_id": "CVE-2018-11776", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC", "reference_id": "CVE-2018-11776-PYTHON-POC", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC" }, { "reference_url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65", "reference_id": "GHSA-cr6j-3jp9-rw65", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001/", "reference_id": "ntap-20180822-0001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55779?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/55780?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17" } ], "aliases": [ "CVE-2018-11776", "GHSA-cr6j-3jp9-rw65" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xhe-mz8d-eyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9882?format=api", "vulnerability_id": "VCID-1xze-jfs9-yyba", "summary": "", "references": [ { "reference_url": "http://archiva.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://archiva.apache.org/security.html" }, { "reference_url": "http://cxsecurity.com/issue/WLB-2014010087", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://cxsecurity.com/issue/WLB-2014010087" }, { "reference_url": "http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94325", "scoring_system": "epss", "scoring_elements": "0.99954", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2251" }, { "reference_url": "http://seclists.org/fulldisclosure/2013/Oct/96", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://seclists.org/fulldisclosure/2013/Oct/96" }, { "reference_url": "http://seclists.org/oss-sec/2014/q1/89", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://seclists.org/oss-sec/2014/q1/89" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6" }, { "reference_url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4140", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4140" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-016.html" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251" }, { "reference_url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "reference_url": "http://www.securitytracker.com/id/1029184", "reference_id": "1029184", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.securitytracker.com/id/1029184" }, { "reference_url": "http://www.securitytracker.com/id/1032916", "reference_id": "1032916", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.securitytracker.com/id/1032916" }, { "reference_url": "http://www.securityfocus.com/bid/61189", "reference_id": "61189", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.securityfocus.com/bid/61189" }, { "reference_url": "http://osvdb.org/98445", "reference_id": "98445", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://osvdb.org/98445" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt", "reference_id": "CVE-2013-2251", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2251", "reference_id": "CVE-2013-2251", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2251" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb", "reference_id": "CVE-2013-2251;OSVDB-95405", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb" }, { "reference_url": "https://github.com/advisories/GHSA-47qp-8v9g-39hp", "reference_id": "GHSA-47qp-8v9g-39hp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47qp-8v9g-39hp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50419?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1" } ], "aliases": [ "CVE-2013-2251", "GHSA-47qp-8v9g-39hp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xze-jfs9-yyba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11543?format=api", "vulnerability_id": "VCID-2p29-qaqw-9fa9", "summary": "Manipulation of Struts internals\nThis package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80482", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5209" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0002" }, { "reference_url": "https://struts.apache.org/docs/s2-026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-026.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51573?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1" } ], "aliases": [ "CVE-2015-5209", "GHSA-4qgj-9mvg-3929" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p29-qaqw-9fa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9908?format=api", "vulnerability_id": "VCID-2qup-v76d-8bge", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90587", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5" }, { "reference_url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436" }, { "reference_url": "https://struts.apache.org/docs/s2-035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-035.html" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233", "reference_id": "1348233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233" }, { "reference_url": "https://github.com/advisories/GHSA-xm92-v2mq-842q", "reference_id": "GHSA-xm92-v2mq-842q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xm92-v2mq-842q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/51749?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2rqk-2gkx-dkds" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1" } ], "aliases": [ "CVE-2016-4436", "GHSA-xm92-v2mq-842q" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qup-v76d-8bge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9817?format=api", "vulnerability_id": "VCID-3q92-5sz9-2kd3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0622", "scoring_system": "epss", "scoring_elements": "0.9102", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1327" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-056", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-056" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa" }, { "reference_url": "https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4" }, { "reference_url": "https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323" }, { "reference_url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180330-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180330-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180330-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180330-0001/" }, { "reference_url": "https://struts.apache.org/docs/s2-056.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://struts.apache.org/docs/s2-056.html" }, { "reference_url": "https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516" }, { "reference_url": "https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.securityfocus.com/bid/103516", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103516" }, { "reference_url": "http://www.securitytracker.com/id/1040575", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040575" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561007", "reference_id": "1561007", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561007" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2018-1327", "reference_id": "CVE-2018-1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2018-1327" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1327", "reference_id": "CVE-2018-1327", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1327" }, { "reference_url": "https://github.com/advisories/GHSA-38cr-2ph5-frr9", "reference_id": "GHSA-38cr-2ph5-frr9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38cr-2ph5-frr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54226?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16" } ], "aliases": [ "CVE-2018-1327", "GHSA-38cr-2ph5-frr9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q92-5sz9-2kd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9792?format=api", "vulnerability_id": "VCID-6b94-6fkt-afdu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91096", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-013" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-013.html" }, { "reference_url": "http://struts.apache.org/docs/s2-013.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-013.html" }, { "reference_url": "http://struts.apache.org/docs/s2-014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1966", "reference_id": "CVE-2013-1966", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1966" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb", "reference_id": "CVE-2013-2115;OSVDB-93645;CVE-2013-1966", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb" }, { "reference_url": "https://github.com/advisories/GHSA-737w-mh58-cxjp", "reference_id": "GHSA-737w-mh58-cxjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-737w-mh58-cxjp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50405?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2" } ], "aliases": [ "CVE-2013-1966", "GHSA-737w-mh58-cxjp" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6b94-6fkt-afdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9788?format=api", "vulnerability_id": "VCID-86yh-tym8-f3hh", "summary": "", "references": [ { "reference_url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5638", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94267", "scoring_system": "epss", "scoring_elements": "0.99938", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5638" }, { "reference_url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-045", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-045" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-046", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-046" }, { "reference_url": "https://exploit-db.com/exploits/41570", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://exploit-db.com/exploits/41570" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a" }, { "reference_url": "https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228" }, { "reference_url": "https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b" }, { "reference_url": "https://github.com/mazen160/struts-pwn", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://github.com/mazen160/struts-pwn" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/issues/8064", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://github.com/rapid7/metasploit-framework/issues/8064" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us" }, { "reference_url": "https://isc.sans.edu/diary/22169", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://isc.sans.edu/diary/22169" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html" }, { "reference_url": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20170310-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20170310-0001" }, { "reference_url": "https://struts.apache.org/docs/s2-045.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://struts.apache.org/docs/s2-045.html" }, { "reference_url": "https://struts.apache.org/docs/s2-046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://struts.apache.org/docs/s2-046.html" }, { "reference_url": "https://support.lenovo.com/us/en/product_security/len-14200", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://support.lenovo.com/us/en/product_security/len-14200" }, { "reference_url": "https://twitter.com/theog150/status/841146956135124993", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://twitter.com/theog150/status/841146956135124993" }, { "reference_url": "https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729" }, { "reference_url": "https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638" }, { "reference_url": "https://www.exploit-db.com/exploits/41614", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/41614" }, { "reference_url": "https://www.kb.cert.org/vuls/id/834067", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.kb.cert.org/vuls/id/834067" }, { "reference_url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.symantec.com/security-center/network-protection-security-advisories/SA145" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt" }, { "reference_url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "http://www.securityfocus.com/bid/96729", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.securityfocus.com/bid/96729" }, { "reference_url": "http://www.securitytracker.com/id/1037973", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://www.securitytracker.com/id/1037973" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326", "reference_id": "1430326", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1430326" }, { "reference_url": "https://www.exploit-db.com/exploits/41614/", "reference_id": "41614", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.exploit-db.com/exploits/41614/" }, { "reference_url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/", "reference_id": "critical-vulnerability-under-massive-attack-imperils-high-impact-sites", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/" }, { "reference_url": "https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb", "reference_id": "CVE-2017-5638", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5638", "reference_id": "CVE-2017-5638", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5638" }, { "reference_url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/", "reference_id": "cve-2017-5638-apache-struts-vulnerability-remote-code-execution", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/" }, { "reference_url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution", "reference_id": "CVE-2017-5638-APACHE-STRUTS-VULNERABILITY-REMOTE-CODE-EXECUTION", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution" }, { "reference_url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/", "reference_id": "cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/" }, { "reference_url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2", "reference_id": "CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2" }, { "reference_url": "https://github.com/advisories/GHSA-j77q-2qqg-6989", "reference_id": "GHSA-j77q-2qqg-6989", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j77q-2qqg-6989" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20170310-0001/", "reference_id": "ntap-20170310-0001", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20170310-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52698?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/52699?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1" } ], "aliases": [ "CVE-2017-5638", "GHSA-j77q-2qqg-6989" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86yh-tym8-f3hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10076?format=api", "vulnerability_id": "VCID-8huk-86a6-27cw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89938", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3093" }, { "reference_url": "https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92" }, { "reference_url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E" }, { "reference_url": "https://struts.apache.org/docs/s2-034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-034.html" }, { "reference_url": "http://struts.apache.org/docs/s2-034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-034.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.securityfocus.com/bid/90961", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90961" }, { "reference_url": "http://www.securitytracker.com/id/1036018", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341677", "reference_id": "1341677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341677" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093", "reference_id": "CVE-2016-3093", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093" }, { "reference_url": "https://github.com/advisories/GHSA-383p-xqxx-rrmp", "reference_id": "GHSA-383p-xqxx-rrmp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-383p-xqxx-rrmp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" } ], "aliases": [ "CVE-2016-3093", "GHSA-383p-xqxx-rrmp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8huk-86a6-27cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10093?format=api", "vulnerability_id": "VCID-8zze-44sk-audx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96227", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f" }, { "reference_url": "http://struts.apache.org/docs/s2-031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-031.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082", "reference_id": "CVE-2016-3082", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51622?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3082", "GHSA-pvm9-288c-v5wq" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zze-44sk-audx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10206?format=api", "vulnerability_id": "VCID-aaet-jdfc-mbek", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04732", "scoring_system": "epss", "scoring_elements": "0.89574", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6795" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129" }, { "reference_url": "https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab" }, { "reference_url": "https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" }, { "reference_url": "https://struts.apache.org/docs/s2-042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-042.html" }, { "reference_url": "https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773" }, { "reference_url": "http://www.securityfocus.com/bid/93773", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/93773" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6795", "reference_id": "CVE-2016-6795", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6795" }, { "reference_url": "https://github.com/advisories/GHSA-44hv-jjx7-qfjg", "reference_id": "GHSA-44hv-jjx7-qfjg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-44hv-jjx7-qfjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61878?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/52703?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2rqk-2gkx-dkds" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5" } ], "aliases": [ "CVE-2016-6795", "GHSA-44hv-jjx7-qfjg" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aaet-jdfc-mbek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17814?format=api", "vulnerability_id": "VCID-b4nv-2pd9-pqdw", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31042", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-064", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-064" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396", "reference_id": "CVE-2023-34396", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396" }, { "reference_url": "https://github.com/advisories/GHSA-4g42-gqrg-4633", "reference_id": "GHSA-4g42-gqrg-4633", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4g42-gqrg-4633" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64296?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/64297?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ "CVE-2023-34396", "GHSA-4g42-gqrg-4633" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4nv-2pd9-pqdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11619?format=api", "vulnerability_id": "VCID-c5xy-yhrn-fqf2", "summary": "Cross-Site Scripting vulnerability on \"Problem Report\" screen\nWhen Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.", "references": [ { "reference_url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html" }, { "reference_url": "http://jvn.jp/en/jp/JVN95989300/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN95989300/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.79199", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0003" }, { "reference_url": "https://struts.apache.org/docs/s2-025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-025.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2015-5169", "GHSA-vwhv-j36g-5rm8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5xy-yhrn-fqf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14889?format=api", "vulnerability_id": "VCID-ce3p-yaze-v7fy", "summary": "Remote code execution in Apache Struts\nForced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN43969166/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://jvn.jp/en/jp/JVN43969166/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94373", "scoring_system": "epss", "scoring_elements": "0.99967", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-061", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-061" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645", "reference_id": "1905645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17530", "reference_id": "CVE-2020-17530", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17530" }, { "reference_url": "https://github.com/advisories/GHSA-jc35-q369-45pv", "reference_id": "GHSA-jc35-q369-45pv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc35-q369-45pv" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005/", "reference_id": "ntap-20210115-0005", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59402?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26" } ], "aliases": [ "CVE-2020-17530", "GHSA-jc35-q369-45pv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ce3p-yaze-v7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95169?format=api", "vulnerability_id": "VCID-dzkb-wjvw-qufb", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html" }, { "reference_url": "http://jvn.jp/en/jp/JVN88408929/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN88408929/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.77207", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2992" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-025", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-025" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/Security", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/Security" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200330-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200330-0001" }, { "reference_url": "http://www.securityfocus.com/bid/76624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260101", "reference_id": "1260101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260101" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2992", "reference_id": "CVE-2015-2992", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2992" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2015-2992", "GHSA-265r-pp83-gww7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzkb-wjvw-qufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9758?format=api", "vulnerability_id": "VCID-ee2d-r8vy-skhq", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79528", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java" }, { "reference_url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162" }, { "reference_url": "http://struts.apache.org/docs/s2-030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-030.html" }, { "reference_url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070" }, { "reference_url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326724", "reference_id": "1326724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326724" }, { "reference_url": "https://github.com/advisories/GHSA-2j4q-9fff-236j", "reference_id": "GHSA-2j4q-9fff-236j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2j4q-9fff-236j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-2162", "GHSA-2j4q-9fff-236j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ee2d-r8vy-skhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9850?format=api", "vulnerability_id": "VCID-es18-pf68-h3de", "summary": "", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06168", "scoring_system": "epss", "scoring_elements": "0.90973", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4316" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1" }, { "reference_url": "https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" }, { "reference_url": "http://struts.apache.org/docs/s2-019.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-019.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-019.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013036", "reference_id": "1013036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013036" }, { "reference_url": "https://github.com/advisories/GHSA-j7h6-xr7g-m2c5", "reference_id": "GHSA-j7h6-xr7g-m2c5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j7h6-xr7g-m2c5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50522?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2" } ], "aliases": [ "CVE-2013-4316", "GHSA-j7h6-xr7g-m2c5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es18-pf68-h3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9966?format=api", "vulnerability_id": "VCID-ev69-3d1j-nuac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85946", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc" }, { "reference_url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9" }, { "reference_url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e" }, { "reference_url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2" }, { "reference_url": "https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4507", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4507" }, { "reference_url": "http://struts.apache.org/docs/s2-028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-028.html" }, { "reference_url": "https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311" }, { "reference_url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268" }, { "reference_url": "http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/86311" }, { "reference_url": "http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035268" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725", "reference_id": "1326725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003", "reference_id": "CVE-2016-4003", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-4003", "GHSA-m3x6-9v6h-4g28" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev69-3d1j-nuac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9804?format=api", "vulnerability_id": "VCID-f4kx-q41m-5qer", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99929", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa" }, { "reference_url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f" }, { "reference_url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001" }, { "reference_url": "https://struts.apache.org/docs/s2-053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-053.html" }, { "reference_url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478", "reference_id": "1489478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478" }, { "reference_url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py", "reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py", "reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611", "reference_id": "CVE-2017-12611", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611" }, { "reference_url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm", "reference_id": "GHSA-8fx9-5hx8-crhm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/53059?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/52699?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73935?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52701?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-12611", "GHSA-8fx9-5hx8-crhm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4kx-q41m-5qer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15596?format=api", "vulnerability_id": "VCID-fmf4-k1py-g7fh", "summary": "Unrestricted Upload of File with Dangerous Type\nA local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69462", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-5055", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-5055" }, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://seclists.org/bugtraq/2012/Mar/110", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2012/Mar/110" }, { "reference_url": "https://struts.apache.org/security/#internal-security-mechanism", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/security/#internal-security-mechanism" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2012-1592" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1592" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml" }, { "reference_url": "https://www.securityfocus.com/bid/52702/info", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/52702/info" }, { "reference_url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf", "reference_id": "GHSA-8m5q-crqq-6pmf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2012-1592", "GHSA-8m5q-crqq-6pmf" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmf4-k1py-g7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9739?format=api", "vulnerability_id": "VCID-gbqn-ywy3-d7cu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90936", "scoring_system": "epss", "scoring_elements": "0.99648", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2134" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-015" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201409-04.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0" }, { "reference_url": "https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f" }, { "reference_url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3" }, { "reference_url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37" }, { "reference_url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1" }, { "reference_url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4090", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4090" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4094" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4095", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4095" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-015.html" }, { "reference_url": "http://struts.apache.org/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-015.html" }, { "reference_url": "https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346" }, { "reference_url": "https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2134", "reference_id": "CVE-2013-2134", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2134" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt", "reference_id": "CVE-2013-2134;OSVDB-93969", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt" }, { "reference_url": "https://www.securityfocus.com/bid/60345/info", "reference_id": "CVE-2013-2134;OSVDB-93969", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/60345/info" }, { "reference_url": "https://github.com/advisories/GHSA-gqqm-564f-vvxq", "reference_id": "GHSA-gqqm-564f-vvxq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gqqm-564f-vvxq" }, { "reference_url": "https://security.gentoo.org/glsa/201409-04", "reference_id": "GLSA-201409-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201409-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50415?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3" } ], "aliases": [ "CVE-2013-2134", "GHSA-gqqm-564f-vvxq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbqn-ywy3-d7cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9879?format=api", "vulnerability_id": "VCID-hkhz-8ee5-57fm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8761", "scoring_system": "epss", "scoring_elements": "0.9948", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2115" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-013" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-014", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-014" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650" }, { "reference_url": "https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d" }, { "reference_url": "https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6" }, { "reference_url": "https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4063", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4063" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-014.html" }, { "reference_url": "http://struts.apache.org/docs/s2-014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-014.html" }, { "reference_url": "https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2115", "reference_id": "CVE-2013-2115", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2115" }, { "reference_url": "https://github.com/advisories/GHSA-7ghm-rpc7-p7g5", "reference_id": "GHSA-7ghm-rpc7-p7g5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7ghm-rpc7-p7g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50405?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2" } ], "aliases": [ "CVE-2013-2115", "GHSA-7ghm-rpc7-p7g5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkhz-8ee5-57fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16317?format=api", "vulnerability_id": "VCID-hszd-513t-xucj", "summary": "Apache Struts forced double OGNL evaluation\nApache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82619", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0004" }, { "reference_url": "https://struts.apache.org/docs/s2-036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-036.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461", "reference_id": "CVE-2016-4461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461" }, { "reference_url": "https://github.com/advisories/GHSA-864w-r5qj-h6fj", "reference_id": "GHSA-864w-r5qj-h6fj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-864w-r5qj-h6fj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4461", "GHSA-864w-r5qj-h6fj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hszd-513t-xucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10003?format=api", "vulnerability_id": "VCID-huug-6mey-9fgz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86434", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0116" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0116" }, { "reference_url": "http://struts.apache.org/docs/s2-022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-022.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116" }, { "reference_url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558", "reference_id": "1094558", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50756?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0116", "GHSA-hmhq-382q-mp56" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huug-6mey-9fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15495?format=api", "vulnerability_id": "VCID-jyrs-6kjh-3qfa", "summary": "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')\nThe fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93788", "scoring_system": "epss", "scoring_elements": "0.99865", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220420-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220420-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788", "reference_id": "2074788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805", "reference_id": "CVE-2021-31805", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805" }, { "reference_url": "https://github.com/advisories/GHSA-v8j6-6c2r-r27c", "reference_id": "GHSA-v8j6-6c2r-r27c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8j6-6c2r-r27c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60334?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30" } ], "aliases": [ "CVE-2021-31805", "GHSA-v8j6-6c2r-r27c" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyrs-6kjh-3qfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10147?format=api", "vulnerability_id": "VCID-k6eu-y8xc-5kbj", "summary": "", "references": [ { "reference_url": "http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html" }, { "reference_url": "http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91947", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7809" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7809" }, { "reference_url": "http://struts.apache.org/docs/s2-023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-023.html" }, { "reference_url": "https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309" }, { "reference_url": "https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548" }, { "reference_url": "https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172133", "reference_id": "1172133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-7809", "GHSA-h4v9-jf2r-9h6m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6eu-y8xc-5kbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10002?format=api", "vulnerability_id": "VCID-knq3-w2wm-4uae", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" }, { "reference_url": "http://jvn.jp/en/jp/JVN19294237/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN19294237/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93134", "scoring_system": "epss", "scoring_elements": "0.99799", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0094" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f" }, { "reference_url": "https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "reference_url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073716", "reference_id": "1073716", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073716" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0094", "reference_id": "CVE-2014-0094", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0094" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb", "reference_id": "CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb", "reference_id": "CVE-2014-0114;CVE-2014-0112;CVE-2014-0094", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb", "reference_id": "CVE-2014-0114;CVE-2014-0112;CVE-2014-0094", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb" }, { "reference_url": "https://github.com/advisories/GHSA-vrwc-qjmw-5rjm", "reference_id": "GHSA-vrwc-qjmw-5rjm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vrwc-qjmw-5rjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50677?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" } ], "aliases": [ "CVE-2014-0094", "GHSA-vrwc-qjmw-5rjm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knq3-w2wm-4uae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9712?format=api", "vulnerability_id": "VCID-mw23-ujhz-a7cs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83013", "scoring_system": "epss", "scoring_elements": "0.99272", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2135" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-015" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0" }, { "reference_url": "https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f" }, { "reference_url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3" }, { "reference_url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37" }, { "reference_url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1" }, { "reference_url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4090", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4090" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4094" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4095", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4095" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-015.html" }, { "reference_url": "http://struts.apache.org/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-015.html" }, { "reference_url": "https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2135", "reference_id": "CVE-2013-2135", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2135" }, { "reference_url": "https://github.com/advisories/GHSA-pw8r-x2qm-3h5m", "reference_id": "GHSA-pw8r-x2qm-3h5m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pw8r-x2qm-3h5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50415?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3" } ], "aliases": [ "CVE-2013-2135", "GHSA-pw8r-x2qm-3h5m" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mw23-ujhz-a7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22068?format=api", "vulnerability_id": "VCID-mxqs-9njm-hbhq", "summary": "Apache Struts 2 is Missing XML Validation\nMissing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1023", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-069", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-069" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/01/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/01/11/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559", "reference_id": "2428559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493", "reference_id": "CVE-2025-68493", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493" }, { "reference_url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7", "reference_id": "GHSA-qcfc-hmrc-59x7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111057?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72104?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1" } ], "aliases": [ "CVE-2025-68493", "GHSA-qcfc-hmrc-59x7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxqs-9njm-hbhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9774?format=api", "vulnerability_id": "VCID-n7x9-wj56-a7gr", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9804", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04618", "scoring_system": "epss", "scoring_elements": "0.89435", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9804" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02" }, { "reference_url": "https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a" }, { "reference_url": "https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9" }, { "reference_url": "https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded" }, { "reference_url": "https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2" }, { "reference_url": "https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0001/" }, { "reference_url": "https://struts.apache.org/docs/s2-050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-050.html" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170907-struts2" }, { "reference_url": "https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612" }, { "reference_url": "https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/100612", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100612" }, { "reference_url": "http://www.securitytracker.com/id/1039261", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491", "reference_id": "1488491", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488491" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9804", "reference_id": "CVE-2017-9804", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9804" }, { "reference_url": "https://github.com/advisories/GHSA-x5x7-3v85-wpc4", "reference_id": "GHSA-x5x7-3v85-wpc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x5x7-3v85-wpc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51619?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/53059?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/53060?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13" } ], "aliases": [ "CVE-2017-9804", "GHSA-x5x7-3v85-wpc4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n7x9-wj56-a7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14411?format=api", "vulnerability_id": "VCID-nb8f-hdtw-9fdk", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes\nApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93849", "scoring_system": "epss", "scoring_elements": "0.99875", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-059", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/ww/s2-059" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672", "reference_id": "1869672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py", "reference_id": "CVE-2019-0230", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230", "reference_id": "CVE-2019-0230", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230" }, { "reference_url": "https://github.com/advisories/GHSA-wp4h-pvgw-5727", "reference_id": "GHSA-wp4h-pvgw-5727", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wp4h-pvgw-5727" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0230", "GHSA-wp4h-pvgw-5727" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nb8f-hdtw-9fdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21799?format=api", "vulnerability_id": "VCID-nfn8-r3bb-kka7", "summary": "Apache Struts has a Denial of Service vulnerability\nDenial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42101", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2025-64775", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2025-64775" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-068", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-068" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675", "reference_id": "CVE-2025-66675", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675" }, { "reference_url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw", "reference_id": "GHSA-rg58-xhh7-mqjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71474?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/71475?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1" } ], "aliases": [ "CVE-2025-66675", "GHSA-rg58-xhh7-mqjw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfn8-r3bb-kka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10428?format=api", "vulnerability_id": "VCID-nqwc-36ke-b3ff", "summary": "XSS via malicious action parameter\nMultiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to `actionNames.action` and `showConfig.action` in `config-browser/`.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02766", "scoring_system": "epss", "scoring_elements": "0.86282", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6348" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348" }, { "reference_url": "http://seclists.org/fulldisclosure/2013/Oct/244", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2013/Oct/244" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4213", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4213" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6348" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-6348" }, { "reference_url": "https://svn.apache.org/viewvc?view=revision&revision=1533354", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://svn.apache.org/viewvc?view=revision&revision=1533354" }, { "reference_url": "https://ubuntu.com/security/CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/security/CVE-2013-6348" }, { "reference_url": "https://github.com/advisories/GHSA-3g8j-jj54-3vjg", "reference_id": "GHSA-3g8j-jj54-3vjg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3g8j-jj54-3vjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51618?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16" } ], "aliases": [ "CVE-2013-6348", "GHSA-3g8j-jj54-3vjg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqwc-36ke-b3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9782?format=api", "vulnerability_id": "VCID-pjw9-sxen-b3cu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95244", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364" }, { "reference_url": "http://struts.apache.org/docs/s2-029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-029.html" }, { "reference_url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066" }, { "reference_url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720", "reference_id": "1326720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785", "reference_id": "CVE-2016-0785", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785" }, { "reference_url": "https://github.com/advisories/GHSA-876p-4wgc-75rx", "reference_id": "GHSA-876p-4wgc-75rx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-876p-4wgc-75rx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-0785", "GHSA-876p-4wgc-75rx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjw9-sxen-b3cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9750?format=api", "vulnerability_id": "VCID-pmr8-6zz1-ryf2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91789", "scoring_system": "epss", "scoring_elements": "0.99701", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=967655", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=967655" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-012.html" }, { "reference_url": "http://struts.apache.org/docs/s2-012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-012.html" }, { "reference_url": "https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082" }, { "reference_url": "http://www.securityfocus.com/bid/60082", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/60082" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1965", "reference_id": "CVE-2013-1965", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1965" }, { "reference_url": "https://github.com/advisories/GHSA-whmq-v94q-34p9", "reference_id": "GHSA-whmq-v94q-34p9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-whmq-v94q-34p9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50415?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3" } ], "aliases": [ "CVE-2013-1965", "GHSA-whmq-v94q-34p9" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmr8-6zz1-ryf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10165?format=api", "vulnerability_id": "VCID-q9p6-sxpv-g7gp", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110" }, { "reference_url": "http://jvn.jp/en/jp/JVN07710476/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN07710476/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.9837", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c" }, { "reference_url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d" }, { "reference_url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c" }, { "reference_url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b" }, { "reference_url": "https://struts.apache.org/docs/s2-037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-037.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438", "reference_id": "CVE-2016-4438", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438" }, { "reference_url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr", "reference_id": "GHSA-4prj-vw9j-v6pr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4438", "GHSA-4prj-vw9j-v6pr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9p6-sxpv-g7gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17800?format=api", "vulnerability_id": "VCID-rxsu-5hkz-ube8", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20766", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-063", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-063" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149", "reference_id": "CVE-2023-34149", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149" }, { "reference_url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc", "reference_id": "GHSA-8f6x-v685-g2xc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64296?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/64297?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ "CVE-2023-34149", "GHSA-8f6x-v685-g2xc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsu-5hkz-ube8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16396?format=api", "vulnerability_id": "VCID-sd6f-umkv-ffc2", "summary": "Improper Input Validation\nThe TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84682", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3090" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0005/" }, { "reference_url": "https://struts.apache.org/docs/s2-027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-027.html" }, { "reference_url": "https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131" }, { "reference_url": "https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3090", "reference_id": "CVE-2016-3090", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3090" }, { "reference_url": "https://github.com/advisories/GHSA-ggmp-fxfg-277r", "reference_id": "GHSA-ggmp-fxfg-277r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggmp-fxfg-277r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2016-3090", "GHSA-ggmp-fxfg-277r" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd6f-umkv-ffc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9736?format=api", "vulnerability_id": "VCID-sgb7-h4sp-dbgf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91954", "scoring_system": "epss", "scoring_elements": "0.99712", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2248" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6" }, { "reference_url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4140", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4140" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2248" }, { "reference_url": "http://struts.apache.org/docs/s2-017.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-017.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-017.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt", "reference_id": "CVE-2013-2248;OSVDB-95406", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt" }, { "reference_url": "https://www.securityfocus.com/bid/61196/info", "reference_id": "CVE-2013-2248;OSVDB-95406", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/61196/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50419?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1" } ], "aliases": [ "CVE-2013-2248", "GHSA-rpj9-r897-wc6q" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgb7-h4sp-dbgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135659?format=api", "vulnerability_id": "VCID-t9vy-6y7q-e3ac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.92087", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-060", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/ww/s2-060" }, { "reference_url": "https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869682", "reference_id": "1869682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869682" }, { "reference_url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm", "reference_id": "GHSA-ccp5-gg58-pxfm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0233", "GHSA-ccp5-gg58-pxfm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9vy-6y7q-e3ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10118?format=api", "vulnerability_id": "VCID-ubk6-8mnk-bqet", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" }, { "reference_url": "http://jvn.jp/en/jp/JVN19294237/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN19294237/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91525", "scoring_system": "epss", "scoring_elements": "0.99685", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0112" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0112" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50677?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0112", "GHSA-prjv-jj26-wf8h" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubk6-8mnk-bqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18992?format=api", "vulnerability_id": "VCID-uza5-qvgq-a3gm", "summary": "Files or Directories Accessible to External Parties\nAn attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92896", "scoring_system": "epss", "scoring_elements": "0.99777", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-066", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-066" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163" }, { "reference_url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6" }, { "reference_url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231214-0010" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938", "reference_id": "2253938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164", "reference_id": "CVE-2023-50164", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164" }, { "reference_url": "https://github.com/advisories/GHSA-2j39-qcjm-428w", "reference_id": "GHSA-2j39-qcjm-428w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j39-qcjm-428w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66888?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-vjz7-vh5w-aygh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/66889?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2" } ], "aliases": [ "CVE-2023-50164", "GHSA-2j39-qcjm-428w" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uza5-qvgq-a3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10197?format=api", "vulnerability_id": "VCID-y65y-kv8s-q3ef", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08725", "scoring_system": "epss", "scoring_elements": "0.92624", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4310" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4310", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4310" }, { "reference_url": "http://struts.apache.org/docs/s2-018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-018.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-018.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013030", "reference_id": "1013030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50523?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3" } ], "aliases": [ "CVE-2013-4310", "GHSA-q5q8-jghf-3pm3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y65y-kv8s-q3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10010?format=api", "vulnerability_id": "VCID-ycjb-zszd-4ufy", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9787.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9787", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08229", "scoring_system": "epss", "scoring_elements": "0.92345", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9787" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" }, { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/086b63735527d4bb0c1dd0d86a7c0374b825ff2" }, { "reference_url": "https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/0d6442bab5b44d93c4c2e63c5335f0a331333b9" }, { "reference_url": "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/de3d325f0433cd3b42258b6a302c0d7a72b69eedc1480ed561d3b065@%3Cannouncements.struts.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180706-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180706-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180706-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180706-0002/" }, { "reference_url": "http://struts.apache.org/docs/s2-049.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-049.html" }, { "reference_url": "https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170910013819/http://www.securitytracker.com/id/1039115" }, { "reference_url": "https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227144723/http://www.securityfocus.com/bid/99562" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/99562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99562" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480608", "reference_id": "1480608", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1480608" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9787", "reference_id": "CVE-2017-9787", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9787" }, { "reference_url": "https://github.com/advisories/GHSA-8mr5-h28g-36qx", "reference_id": "GHSA-8mr5-h28g-36qx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8mr5-h28g-36qx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52700?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/52701?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-9787", "GHSA-8mr5-h28g-36qx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ycjb-zszd-4ufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9930?format=api", "vulnerability_id": "VCID-zkdp-x1s4-jbbx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82455", "scoring_system": "epss", "scoring_elements": "0.99249", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0113" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0113" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092201", "reference_id": "1092201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092201" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50677?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0113", "GHSA-3c5c-xrq4-qhr8" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkdp-x1s4-jbbx" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.8" }