Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-core@2.5.30
Typemaven
Namespaceorg.apache.struts
Namestruts2-core
Version2.5.30
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.5.31
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dbzr-zyeu-73g8
vulnerability_id VCID-dbzr-zyeu-73g8
summary 
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
reference_id
reference_type
scores
0
value 0.93788
scoring_system epss
scoring_elements 0.99865
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-31805
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-062
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-062
3
reference_url https://security.netapp.com/advisory/ntap-20220420-0001
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220420-0001
4
reference_url https://security.netapp.com/advisory/ntap-20220420-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220420-0001/
5
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
6
reference_url http://www.openwall.com/lists/oss-security/2022/04/12/6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/12/6
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
reference_id 2074788
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2074788
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
reference_id CVE-2021-31805
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-31805
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.30
purl pkg:maven/org.apache.struts/struts2-core@2.5.30
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30
aliases CVE-2021-31805, GHSA-v8j6-6c2r-r27c
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbzr-zyeu-73g8
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30