Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-core@6.8.0
Typemaven
Namespaceorg.apache.struts
Namestruts2-core
Version6.8.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version7.1.1
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-95ts-vpk6-uubg
vulnerability_id VCID-95ts-vpk6-uubg
summary 
Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31599
published_at 2026-04-08T12:55:00Z
1
value 0.00124
scoring_system epss
scoring_elements 0.31685
published_at 2026-04-02T12:55:00Z
2
value 0.00124
scoring_system epss
scoring_elements 0.31628
published_at 2026-04-09T12:55:00Z
3
value 0.00124
scoring_system epss
scoring_elements 0.31729
published_at 2026-04-04T12:55:00Z
4
value 0.00124
scoring_system epss
scoring_elements 0.31547
published_at 2026-04-07T12:55:00Z
5
value 0.00189
scoring_system epss
scoring_elements 0.40733
published_at 2026-04-13T12:55:00Z
6
value 0.00189
scoring_system epss
scoring_elements 0.40752
published_at 2026-04-12T12:55:00Z
7
value 0.00189
scoring_system epss
scoring_elements 0.40786
published_at 2026-04-11T12:55:00Z
8
value 0.00189
scoring_system epss
scoring_elements 0.4067
published_at 2026-04-21T12:55:00Z
9
value 0.00189
scoring_system epss
scoring_elements 0.40748
published_at 2026-04-18T12:55:00Z
10
value 0.00189
scoring_system epss
scoring_elements 0.40778
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
1
reference_url https://cve.org/CVERecord?id=CVE-2025-64775
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cve.org/CVERecord?id=CVE-2025-64775
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-068
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cwiki.apache.org/confluence/display/WW/S2-068
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
reference_id CVE-2025-66675
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
6
reference_url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
reference_id GHSA-rg58-xhh7-mqjw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.8.0
purl pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0
1
url pkg:maven/org.apache.struts/struts2-core@7.1.1
purl pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1
aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg
1
url VCID-j8jv-hzsy-nyec
vulnerability_id VCID-j8jv-hzsy-nyec
summary 
Apache Struts is Vulnerable to DoS via File Leak
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-64775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64775
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41176
published_at 2026-04-21T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41248
published_at 2026-04-18T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41199
published_at 2026-04-07T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.41274
published_at 2026-04-04T12:55:00Z
4
value 0.00193
scoring_system epss
scoring_elements 0.41249
published_at 2026-04-08T12:55:00Z
5
value 0.00193
scoring_system epss
scoring_elements 0.41277
published_at 2026-04-16T12:55:00Z
6
value 0.00193
scoring_system epss
scoring_elements 0.41233
published_at 2026-04-13T12:55:00Z
7
value 0.00193
scoring_system epss
scoring_elements 0.41247
published_at 2026-04-12T12:55:00Z
8
value 0.00193
scoring_system epss
scoring_elements 0.41278
published_at 2026-04-11T12:55:00Z
9
value 0.00193
scoring_system epss
scoring_elements 0.41245
published_at 2026-04-02T12:55:00Z
10
value 0.00193
scoring_system epss
scoring_elements 0.41257
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64775
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-068
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-01T18:22:57Z/
url https://cwiki.apache.org/confluence/display/WW/S2-068
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url http://www.openwall.com/lists/oss-security/2025/12/01/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/12/01/2
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418059
reference_id 2418059
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418059
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-64775
reference_id CVE-2025-64775
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-64775
7
reference_url https://github.com/advisories/GHSA-xx7v-hqxh-cjr9
reference_id GHSA-xx7v-hqxh-cjr9
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx7v-hqxh-cjr9
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.8.0
purl pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0
1
url pkg:maven/org.apache.struts/struts2-core@7.1.1
purl pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1
aliases CVE-2025-64775, GHSA-xx7v-hqxh-cjr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8jv-hzsy-nyec
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0