Lookup for vulnerable packages by Package URL.
| Purl | pkg:maven/org.apache.struts/struts2-core@6.0.0 |
|---|
| Type | maven |
|---|
| Namespace | org.apache.struts |
|---|
| Name | struts2-core |
|---|
| Version | 6.0.0 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 6.1.1 |
|---|
| Latest_non_vulnerable_version | 7.1.1 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-8cmt-z8g9-duf2 |
| vulnerability_id |
VCID-8cmt-z8g9-duf2 |
| summary |
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-68493, GHSA-qcfc-hmrc-59x7
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8cmt-z8g9-duf2 |
|
| 1 |
| url |
VCID-mvdz-exud-3ybz |
| vulnerability_id |
VCID-mvdz-exud-3ybz |
| summary |
Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-50164, GHSA-2j39-qcjm-428w
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mvdz-exud-3ybz |
|
| 2 |
| url |
VCID-renj-v5ce-2khx |
| vulnerability_id |
VCID-renj-v5ce-2khx |
| summary |
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.
Upgrade to Struts 2.5.31 or 6.1.2.1 or greater |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-34396, GHSA-4g42-gqrg-4633
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-renj-v5ce-2khx |
|
| 3 |
| url |
VCID-wzez-6cmp-n7gn |
| vulnerability_id |
VCID-wzez-6cmp-n7gn |
| summary |
Apache Struts vulnerable to memory exhaustion
Denial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.
Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-34149, GHSA-8f6x-v685-g2xc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wzez-6cmp-n7gn |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.0.0 |
|---|