Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-rest-plugin@6.1.1

Type maven

Namespace org.apache.struts

Name struts2-rest-plugin

Version 6.1.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.3.0.2

Latest_non_vulnerable_version 6.3.0.2

Affected_by_vulnerabilities

url VCID-gfxq-vtry-bqgg

vulnerability_id VCID-gfxq-vtry-bqgg

summary

Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

references

reference_url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_id

reference_type

scores

value	0.92864
scoring_system	epss
scoring_elements	0.99769
published_at	2026-04-21T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99842
published_at	2026-04-07T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99841
published_at	2026-04-02T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99844
published_at	2026-04-13T12:55:00Z

value	0.93657
scoring_system	epss
scoring_elements	0.99843
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50164

reference_url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://cwiki.apache.org/confluence/display/WW/S2-066

reference_url

https://github.com/apache/struts

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts

reference_url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163

reference_url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6

reference_url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj

reference_url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231214-0010

reference_url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/12/07/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id	2253938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2253938

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_id

CVE-2023-50164

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50164

reference_url

https://github.com/advisories/GHSA-2j39-qcjm-428w

reference_id

GHSA-2j39-qcjm-428w

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j39-qcjm-428w

fixed_packages

url	pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.2
purl	pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.2

aliases CVE-2023-50164, GHSA-2j39-qcjm-428w

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@6.1.1

Package Instance