Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts-core@1.3.10
Type maven
Namespace org.apache.struts
Name struts-core
Version 1.3.10
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-1vy2-r1jp-5uhe
vulnerability_id VCID-1vy2-r1jp-5uhe
summary
Improper Input Validation in Apache Struts
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1343540
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1343540
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
2
reference_url https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
reference_id
reference_type
scores
url https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
3
reference_url https://security.netapp.com/advisory/ntap-20180629-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0006
4
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2020.html
5
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2020.html
6
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
7
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
8
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1182
reference_id CVE-2016-1182
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-1182
10
reference_url https://security-tracker.debian.org/tracker/CVE-2016-1182
reference_id CVE-2016-1182
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2016-1182
11
reference_url https://github.com/advisories/GHSA-5ggr-mpgw-3mgx
reference_id GHSA-5ggr-mpgw-3mgx
reference_type
scores
url https://github.com/advisories/GHSA-5ggr-mpgw-3mgx
fixed_packages
aliases CVE-2016-1182, GHSA-5ggr-mpgw-3mgx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vy2-r1jp-5uhe
1
url VCID-n4p7-p4qb-r7a2
vulnerability_id VCID-n4p7-p4qb-r7a2
summary
Improper Input Validation in Apache Struts
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
references
0
reference_url https://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
reference_id
reference_type
scores
url https://en.osdn.jp/projects/terasoluna/wiki/StrutsPatch2-EN
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
2
reference_url https://security.netapp.com/advisory/ntap-20180629-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0006
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0899
reference_id CVE-2015-0899
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-0899
4
reference_url https://github.com/advisories/GHSA-cvvx-r33m-v7pq
reference_id GHSA-cvvx-r33m-v7pq
reference_type
scores
url https://github.com/advisories/GHSA-cvvx-r33m-v7pq
fixed_packages
aliases CVE-2015-0899, GHSA-cvvx-r33m-v7pq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n4p7-p4qb-r7a2
2
url VCID-renj-v5ce-2khx
vulnerability_id VCID-renj-v5ce-2khx
summary
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if the developer has set struts.multipart.maxSize to a value equal to or greater than the available memory.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
references
0
reference_url https://cwiki.apache.org/confluence/display/WW/S2-064
reference_id
reference_type
scores
url https://cwiki.apache.org/confluence/display/WW/S2-064
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
2
reference_url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
reference_id
reference_type
scores
url https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
3
reference_url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
reference_id
reference_type
scores
url https://github.com/apache/struts/releases/tag/STRUTS_2_5_31
4
reference_url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
reference_id
reference_type
scores
url https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1
5
reference_url https://security.netapp.com/advisory/ntap-20230706-0005
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230706-0005
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34396
reference_id CVE-2023-34396
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-34396
7
reference_url https://github.com/advisories/GHSA-4g42-gqrg-4633
reference_id GHSA-4g42-gqrg-4633
reference_type
scores
url https://github.com/advisories/GHSA-4g42-gqrg-4633
fixed_packages
aliases CVE-2023-34396, GHSA-4g42-gqrg-4633
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-renj-v5ce-2khx
3
url VCID-yf42-xtpw-dkbk
vulnerability_id VCID-yf42-xtpw-dkbk
summary
Improper Input Validation in Apache Struts
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1343538
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1343538
1
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
url https://github.com/apache/struts
2
reference_url https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
reference_id
reference_type
scores
url https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
3
reference_url https://security.netapp.com/advisory/ntap-20180629-0006
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20180629-0006
4
reference_url https://www.oracle.com/security-alerts/cpujan2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujan2020.html
5
reference_url https://www.oracle.com/security-alerts/cpujul2020.html
reference_id
reference_type
scores
url https://www.oracle.com/security-alerts/cpujul2020.html
6
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
7
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
8
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1181
reference_id CVE-2016-1181
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-1181
10
reference_url https://security-tracker.debian.org/tracker/CVE-2016-1181
reference_id CVE-2016-1181
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2016-1181
11
reference_url https://github.com/advisories/GHSA-7jw3-5q4w-89qg
reference_id GHSA-7jw3-5q4w-89qg
reference_type
scores
url https://github.com/advisories/GHSA-7jw3-5q4w-89qg
fixed_packages
aliases CVE-2016-1181, GHSA-7jw3-5q4w-89qg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yf42-xtpw-dkbk
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts-core@1.3.10