Lookup for vulnerable packages by Package URL.

Purl pkg:maven/struts/struts@2.0.0
Type maven
Namespace struts
Name struts
Version 2.0.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-jyrs-6kjh-3qfa
vulnerability_id VCID-jyrs-6kjh-3qfa
summary
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. From Apache Struts 2.0.0 to 2.5.29, some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to Remote Code Execution and security degradation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
reference_id
reference_type
scores
0
value 0.93788
scoring_system epss
scoring_elements 0.99865
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-062
reference_id
reference_type
scores
url https://cwiki.apache.org/confluence/display/WW/S2-062
2
reference_url https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220420-0001/
3
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2022.html
4
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2022/04/12/6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
reference_id CVE-2021-31805
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
6
reference_url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
reference_id GHSA-v8j6-6c2r-r27c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8j6-6c2r-r27c
fixed_packages
aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jyrs-6kjh-3qfa
1
url VCID-mpnb-2h8x-5bgf
vulnerability_id VCID-mpnb-2h8x-5bgf
summary
Incomplete Cleanup
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied.
Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41835
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45139
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41835
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
3
reference_url https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
4
reference_url https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
5
reference_url https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
reference_id
reference_type
scores
url https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
6
reference_url https://security.netapp.com/advisory/ntap-20231013-0001
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231013-0001
7
reference_url https://www.openwall.com/lists/oss-security/2023/12/09/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2023/12/09/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41835
reference_id CVE-2023-41835
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-41835
9
reference_url https://github.com/advisories/GHSA-729q-fcgp-r5xh
reference_id GHSA-729q-fcgp-r5xh
reference_type
scores
url https://github.com/advisories/GHSA-729q-fcgp-r5xh
fixed_packages
aliases CVE-2023-41835, GHSA-729q-fcgp-r5xh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mpnb-2h8x-5bgf
2
url VCID-uza5-qvgq-a3gm
vulnerability_id VCID-uza5-qvgq-a3gm
summary
Files or Directories Accessible to External Parties
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
reference_id
reference_type
scores
0
value 0.92896
scoring_system epss
scoring_elements 0.99777
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
1
reference_url https://cwiki.apache.org/confluence/display/WW/S2-066
reference_id
reference_type
scores
url https://cwiki.apache.org/confluence/display/WW/S2-066
2
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
3
reference_url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
4
reference_url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
5
reference_url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
reference_id
reference_type
scores
url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
6
reference_url https://security.netapp.com/advisory/ntap-20231214-0010
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231214-0010
7
reference_url https://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2023/12/07/1
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
reference_id CVE-2023-50164
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
9
reference_url https://github.com/advisories/GHSA-2j39-qcjm-428w
reference_id GHSA-2j39-qcjm-428w
reference_type
scores
url https://github.com/advisories/GHSA-2j39-qcjm-428w
fixed_packages
aliases CVE-2023-50164, GHSA-2j39-qcjm-428w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uza5-qvgq-a3gm
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@2.0.0