Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.1.0
Type maven
Namespace org.apache.struts
Name struts2-core
Version 2.1.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.3.31
Latest_non_vulnerable_version 7.1.1
Affected_by_vulnerabilities
0
url VCID-3bjt-18pc-vfe8
vulnerability_id VCID-3bjt-18pc-vfe8
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
references
0
reference_url https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6
1
reference_url https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb
2
reference_url https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486
3
reference_url https://issues.apache.org/struts/browse/WW-2414
reference_id
reference_type
scores
url https://issues.apache.org/struts/browse/WW-2414
4
reference_url https://issues.apache.org/struts/browse/WW-2427
reference_id
reference_type
scores
url https://issues.apache.org/struts/browse/WW-2427
5
reference_url https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html
reference_id
reference_type
scores
url https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html
6
reference_url https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html
reference_id
reference_type
scores
url https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html
7
reference_url https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686
reference_id
reference_type
scores
url https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-6682
reference_id CVE-2008-6682
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2008-6682
9
reference_url https://github.com/advisories/GHSA-jgcr-9c2q-rvp8
reference_id GHSA-jgcr-9c2q-rvp8
reference_type
scores
url https://github.com/advisories/GHSA-jgcr-9c2q-rvp8
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.1.1
purl pkg:maven/org.apache.struts/struts2-core@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dj42-wym9-nbhv
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.1
aliases CVE-2008-6682, GHSA-jgcr-9c2q-rvp8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3bjt-18pc-vfe8
1
url VCID-dvxu-9sh6-qbef
vulnerability_id VCID-dvxu-9sh6-qbef
summary
Improper Input Validation
Using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
references
0
reference_url https://struts.apache.org/docs/s2-053.html
reference_id
reference_type
scores
url https://struts.apache.org/docs/s2-053.html
1
reference_url http://www.securityfocus.com/bid/100829
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100829
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
reference_id CVE-2017-12611
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-12611
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.34
purl pkg:maven/org.apache.struts/struts2-core@2.3.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34
1
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-12611
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dvxu-9sh6-qbef
2
url VCID-z1jy-4da2-tyhk
vulnerability_id VCID-z1jy-4da2-tyhk
summary
Improper Input Validation
`XSLTResult` in Apache Struts allows remote attackers to execute arbitrary code via the stylesheet location parameter.
references
0
reference_url http://struts.apache.org/docs/s2-031.html
reference_id
reference_type
scores
url http://struts.apache.org/docs/s2-031.html
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
reference_id CVE-2016-3082
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3082
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mmth-7rgf-aqfa
1
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3
1
url pkg:maven/org.apache.struts/struts2-core@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
2
vulnerability VCID-mmth-7rgf-aqfa
3
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3
2
url pkg:maven/org.apache.struts/struts2-core@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-core@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-dvxu-9sh6-qbef
1
vulnerability VCID-hrky-nmnv-g3eu
2
vulnerability VCID-mmth-7rgf-aqfa
3
vulnerability VCID-qdsq-8td3-5qa1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1
aliases CVE-2016-3082
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jy-4da2-tyhk
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.0