Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.5.17

Type maven

Namespace org.apache.struts

Name struts2-core

Version 2.5.17

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.5.22

Latest_non_vulnerable_version 7.1.1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1xhe-mz8d-eyem

vulnerability_id VCID-1xhe-mz8d-eyem

summary

references

reference_url

http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-11776

reference_id

reference_type

scores

value	0.94431
scoring_system	epss
scoring_elements	0.99986
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-11776

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-057

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-057

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url	https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b

reference_url

https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e

reference_url	https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72

reference_url	https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d
reference_id
reference_type
scores
url	https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d

reference_url

https://lgtm.com/blog/apache_struts_CVE-2018-11776

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lgtm.com/blog/apache_struts_CVE-2018-11776

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012

reference_url

https://security.netapp.com/advisory/ntap-20180822-0001

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20180822-0001

reference_url

https://security.netapp.com/advisory/ntap-20181018-0002

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181018-0002

reference_url

https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125

reference_url

https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888

reference_url

https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776

reference_url

https://www.exploit-db.com/exploits/45260

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45260

reference_url

https://www.exploit-db.com/exploits/45262

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45262

reference_url

https://www.exploit-db.com/exploits/45367

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/45367

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt

reference_url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

reference_url

http://www.securityfocus.com/bid/105125

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/105125

reference_url

http://www.securitytracker.com/id/1041547

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041547

reference_url

http://www.securitytracker.com/id/1041888

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1041888

reference_url	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py

reference_url	https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-11776

reference_id

CVE-2018-11776

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-11776

reference_url	https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb
reference_id	CVE-2018-11776
reference_type	exploit
scores
url	https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb

reference_url

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

reference_id

CVE-2018-11776-PYTHON-POC

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hook-s3c/CVE-2018-11776-Python-PoC

reference_url

https://github.com/advisories/GHSA-cr6j-3jp9-rw65

reference_id

GHSA-cr6j-3jp9-rw65

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr6j-3jp9-rw65

fixed_packages

url pkg:maven/org.apache.struts/struts2-core@2.3.35

purl pkg:maven/org.apache.struts/struts2-core@2.3.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3q92-5sz9-2kd3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35

url	pkg:maven/org.apache.struts/struts2-core@2.5.17
purl	pkg:maven/org.apache.struts/struts2-core@2.5.17
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17

aliases CVE-2018-11776, GHSA-cr6j-3jp9-rw65

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xhe-mz8d-eyem

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17

Package Instance