Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-core@2.5.33
Type maven
Namespace org.apache.struts
Name struts2-core
Version 2.5.33
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.8.0
Latest_non_vulnerable_version 7.1.1
Affected_by_vulnerabilities
0
url VCID-87fh-rvvb-6ubq
vulnerability_id VCID-87fh-rvvb-6ubq
summary
Apache Struts file upload logic is flawed
Flawed file upload logic vulnerability in Apache Struts. An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to at least version 6.4.0 and migrate to the new file upload mechanism (https://struts.apache.org/core-developers/file-upload). If you are not using the old file upload logic based on FileuploadInterceptor, your application is safe.

You can find more details at https://cwiki.apache.org/confluence/display/WW/S2-067
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
reference_id
reference_type
scores
0
value 0.91785
scoring_system epss
scoring_elements 0.99685
published_at 2026-04-04T12:55:00Z
1
value 0.91785
scoring_system epss
scoring_elements 0.99684
published_at 2026-04-02T12:55:00Z
2
value 0.91785
scoring_system epss
scoring_elements 0.99686
published_at 2026-04-07T12:55:00Z
3
value 0.93053
scoring_system epss
scoring_elements 0.99788
published_at 2026-04-08T12:55:00Z
4
value 0.93053
scoring_system epss
scoring_elements 0.99791
published_at 2026-04-18T12:55:00Z
5
value 0.93053
scoring_system epss
scoring_elements 0.99789
published_at 2026-04-13T12:55:00Z
6
value 0.93081
scoring_system epss
scoring_elements 0.99793
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-067
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/
url https://cwiki.apache.org/confluence/display/WW/S2-067
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
6
reference_url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
7
reference_url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
9
reference_url https://security.netapp.com/advisory/ntap-20250103-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0005
10
reference_url https://struts.apache.org/core-developers/file-upload
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/core-developers/file-upload
11
reference_url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
reference_id 2331686
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
13
reference_url https://github.com/advisories/GHSA-43mq-6xmg-29vm
reference_id GHSA-43mq-6xmg-29vm
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43mq-6xmg-29vm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.4.0
purl pkg:maven/org.apache.struts/struts2-core@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-95ts-vpk6-uubg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0
aliases CVE-2024-53677, GHSA-43mq-6xmg-29vm
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-87fh-rvvb-6ubq
1
url VCID-95ts-vpk6-uubg
vulnerability_id VCID-95ts-vpk6-uubg
summary
Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31599
published_at 2026-04-08T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31685
published_at 2026-04-02T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31628
published_at 2026-04-09T12:55:00Z
3
value 0.00124
scoring_system epss
scoring_elements 0.31729
published_at 2026-04-04T12:55:00Z
4
value 0.00124
scoring_system epss
scoring_elements 0.31547
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40733
published_at 2026-04-13T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40752
published_at 2026-04-12T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40786
published_at 2026-04-11T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.4067
published_at 2026-04-21T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40748
published_at 2026-04-18T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40778
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
1
reference_url https://cve.org/CVERecord?id=CVE-2025-64775
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cve.org/CVERecord?id=CVE-2025-64775
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-068
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cwiki.apache.org/confluence/display/WW/S2-068
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
reference_id CVE-2025-66675
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
6
reference_url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
reference_id GHSA-rg58-xhh7-mqjw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.8.0
purl pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0
1
url pkg:maven/org.apache.struts/struts2-core@7.1.1
purl pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1
aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg
2
url VCID-j8jv-hzsy-nyec
vulnerability_id VCID-j8jv-hzsy-nyec
summary
Apache Struts is Vulnerable to DoS via File Leak
Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64775
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41176
published_at 2026-04-21T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41248
published_at 2026-04-18T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41199
published_at 2026-04-07T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.41274
published_at 2026-04-04T12:55:00Z
4
value 0.00193
scoring_system epss
scoring_elements 0.41249
published_at 2026-04-08T12:55:00Z
5
value 0.00193
scoring_system epss
scoring_elements 0.41277
published_at 2026-04-16T12:55:00Z
6
value 0.00193
scoring_system epss
scoring_elements 0.41233
published_at 2026-04-13T12:55:00Z
7
value 0.00193
scoring_system epss
scoring_elements 0.41247
published_at 2026-04-12T12:55:00Z
8
value 0.00193
scoring_system epss
scoring_elements 0.41278
published_at 2026-04-11T12:55:00Z
9
value 0.00193
scoring_system epss
scoring_elements 0.41245
published_at 2026-04-02T12:55:00Z
10
value 0.00193
scoring_system epss
scoring_elements 0.41257
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64775
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-068
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:22:57Z/
url https://cwiki.apache.org/confluence/display/WW/S2-068
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url http://www.openwall.com/lists/oss-security/2025/12/01/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/12/01/2
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418059
reference_id 2418059
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418059
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64775
reference_id CVE-2025-64775
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64775
7
reference_url https://github.com/advisories/GHSA-xx7v-hqxh-cjr9
reference_id GHSA-xx7v-hqxh-cjr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx7v-hqxh-cjr9
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.8.0
purl pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0
1
url pkg:maven/org.apache.struts/struts2-core@7.1.1
purl pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1
aliases CVE-2025-64775, GHSA-xx7v-hqxh-cjr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8jv-hzsy-nyec
3
url VCID-tgd1-s1yg-9fdt
vulnerability_id VCID-tgd1-s1yg-9fdt
summary
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07712
published_at 2026-04-21T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07615
published_at 2026-04-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.0764
published_at 2026-04-04T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.07673
published_at 2026-04-08T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07572
published_at 2026-04-18T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07585
published_at 2026-04-16T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.0766
published_at 2026-04-13T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07676
published_at 2026-04-12T12:55:00Z
8
value 0.00027
scoring_system epss
scoring_elements 0.0769
published_at 2026-04-11T12:55:00Z
9
value 0.00027
scoring_system epss
scoring_elements 0.07598
published_at 2026-04-02T12:55:00Z
10
value 0.00027
scoring_system epss
scoring_elements 0.07691
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-069
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/
url https://cwiki.apache.org/confluence/display/WW/S2-069
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
5
reference_url http://www.openwall.com/lists/oss-security/2026/01/11/2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/01/11/2
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id 2428559
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
7
reference_url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
reference_id GHSA-qcfc-hmrc-59x7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.1.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-b7zy-qhz9-tuar
3
vulnerability VCID-dk2f-14xj-9bf8
4
vulnerability VCID-gfxq-vtry-bqgg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1
aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt
Fixing_vulnerabilities
0
url VCID-gfxq-vtry-bqgg
vulnerability_id VCID-gfxq-vtry-bqgg
summary
Files or Directories Accessible to External Parties
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
references
0
reference_url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
reference_id
reference_type
scores
0
value 0.92864
scoring_system epss
scoring_elements 0.99769
published_at 2026-04-21T12:55:00Z
1
value 0.93657
scoring_system epss
scoring_elements 0.99842
published_at 2026-04-07T12:55:00Z
2
value 0.93657
scoring_system epss
scoring_elements 0.99841
published_at 2026-04-02T12:55:00Z
3
value 0.93657
scoring_system epss
scoring_elements 0.99844
published_at 2026-04-13T12:55:00Z
4
value 0.93657
scoring_system epss
scoring_elements 0.99843
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-066
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-066
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
6
reference_url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
7
reference_url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
8
reference_url https://security.netapp.com/advisory/ntap-20231214-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0010
9
reference_url https://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/12/07/1
10
reference_url http://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/07/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id 2253938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
reference_id CVE-2023-50164
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
13
reference_url https://github.com/advisories/GHSA-2j39-qcjm-428w
reference_id GHSA-2j39-qcjm-428w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j39-qcjm-428w
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.33
purl pkg:maven/org.apache.struts/struts2-core@2.5.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
2
vulnerability VCID-j8jv-hzsy-nyec
3
vulnerability VCID-tgd1-s1yg-9fdt
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33
1
url pkg:maven/org.apache.struts/struts2-core@6.3.0.2
purl pkg:maven/org.apache.struts/struts2-core@6.3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-87fh-rvvb-6ubq
1
vulnerability VCID-95ts-vpk6-uubg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2
aliases CVE-2023-50164, GHSA-2j39-qcjm-428w
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33