Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.3.15.2

Type maven

Namespace org.apache.struts

Name struts2-core

Version 2.3.15.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.31

Latest_non_vulnerable_version 7.1.1

Affected_by_vulnerabilities

url VCID-kmqa-hsqy-muf1

vulnerability_id VCID-kmqa-hsqy-muf1

summary

Broken Access Control Vulnerability
This package allows remote attackers to bypass access controls via a crafted action: `prefix`.

references

reference_url	http://struts.apache.org/docs/s2-018.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-018.html

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.15.3

purl pkg:maven/org.apache.struts/struts2-core@2.3.15.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-dvxu-9sh6-qbef

vulnerability	VCID-hrky-nmnv-g3eu

vulnerability	VCID-mmth-7rgf-aqfa

vulnerability	VCID-z1jy-4da2-tyhk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3

aliases CVE-2013-4310

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kmqa-hsqy-muf1

Fixing_vulnerabilities

url VCID-z6wr-3psx-dbfm

vulnerability_id VCID-z6wr-3psx-dbfm

summary This package enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

references

reference_url	http://struts.apache.org/docs/s2-019.html
reference_id
reference_type
scores
url	http://struts.apache.org/docs/s2-019.html

reference_url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316
reference_id
reference_type
scores
url	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.15.2

purl pkg:maven/org.apache.struts/struts2-core@2.3.15.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kmqa-hsqy-muf1

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2

aliases CVE-2013-4316

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6wr-3psx-dbfm

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2

Package Instance