Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-core@2.5.5
Typemaven
Namespaceorg.apache.struts
Namestruts2-core
Version2.5.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.5.11
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
0
url VCID-21k4-5a8r-7bd9
vulnerability_id VCID-21k4-5a8r-7bd9
summary 
Improper Input Validation
If an application allows to enter an URL in a form field and built-in `URLValidator` is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7672
reference_id
reference_type
scores
0
value 0.01346
scoring_system epss
scoring_elements 0.80402
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7672
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/931df54ab379bf4eb5a625bf05066b8563c3737b
4
reference_url https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/3795c4dd46d9ec75f4a6eb9eca11c11edd3e796c6c1fd7b17b5dc50d@%3Cannouncements.struts.apache.org%3E
5
reference_url https://security.netapp.com/advisory/ntap-20180706-0002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180706-0002
6
reference_url http://struts.apache.org/docs/s2-047.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://struts.apache.org/docs/s2-047.html
7
reference_url https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170907215142/http://www.securitytracker.com/id/1039114
8
reference_url https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227144724/http://www.securityfocus.com/bid/99563
9
reference_url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
10
reference_url http://www.securityfocus.com/bid/99563
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/99563
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1480614
reference_id 1480614
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1480614
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7672
reference_id CVE-2017-7672
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7672
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.12
purl pkg:maven/org.apache.struts/struts2-core@2.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hrky-nmnv-g3eu
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12
aliases CVE-2017-7672, GHSA-9gp7-jvm2-r4mx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-21k4-5a8r-7bd9
1
url VCID-ybuw-727z-r3eb
vulnerability_id VCID-ybuw-727z-r3eb
summary 
Improper Input Validation
In Apache Struts, if an application allows entering a URL in a form field and the built-in `URLValidator` is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-8738
reference_id
reference_type
scores
0
value 0.01107
scoring_system epss
scoring_elements 0.78454
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-8738
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/554b9dddb0fbd1e581ef577dd62a7c22955ad0f6
3
reference_url https://security.netapp.com/advisory/ntap-20180629-0003
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0003
4
reference_url https://struts.apache.org/docs/s2-044.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-044.html
5
reference_url http://www.securityfocus.com/bid/94657
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94657
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8738
reference_id CVE-2016-8738
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-8738
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.8
purl pkg:maven/org.apache.struts/struts2-core@2.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21k4-5a8r-7bd9
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.8
1
url pkg:maven/org.apache.struts/struts2-core@2.5.13
purl pkg:maven/org.apache.struts/struts2-core@2.5.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13
aliases CVE-2016-8738, GHSA-86vq-8qhc-5rqw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ybuw-727z-r3eb
Fixing_vulnerabilities
0
url VCID-cv6j-98vx-n3ed
vulnerability_id VCID-cv6j-98vx-n3ed
summary 
Path Traversal
In the Convention plugin in Apache Struts, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-6795
reference_id
reference_type
scores
0
value 0.04732
scoring_system epss
scoring_elements 0.89589
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-6795
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129
3
reference_url https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab
4
reference_url https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14
5
reference_url https://security.netapp.com/advisory/ntap-20180629-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180629-0003
6
reference_url https://security.netapp.com/advisory/ntap-20180629-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0003/
7
reference_url https://struts.apache.org/docs/s2-042.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/docs/s2-042.html
8
reference_url https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773
9
reference_url http://www.securityfocus.com/bid/93773
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93773
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-6795
reference_id CVE-2016-6795
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-6795
11
reference_url https://github.com/advisories/GHSA-44hv-jjx7-qfjg
reference_id GHSA-44hv-jjx7-qfjg
reference_type
scores
url https://github.com/advisories/GHSA-44hv-jjx7-qfjg
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.3.31
purl pkg:maven/org.apache.struts/struts2-core@2.3.31
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.31
1
url pkg:maven/org.apache.struts/struts2-core@2.5.5
purl pkg:maven/org.apache.struts/struts2-core@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-21k4-5a8r-7bd9
1
vulnerability VCID-ybuw-727z-r3eb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5
aliases CVE-2016-6795, GHSA-44hv-jjx7-qfjg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv6j-98vx-n3ed
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5