Lookup for vulnerable packages by Package URL.
| Purl | pkg:maven/org.apache.struts/struts2-core@2.5.33 |
|---|
| Type | maven |
|---|
| Namespace | org.apache.struts |
|---|
| Name | struts2-core |
|---|
| Version | 2.5.33 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 6.1.1 |
|---|
| Latest_non_vulnerable_version | 7.1.1 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-8cmt-z8g9-duf2 |
| vulnerability_id |
VCID-8cmt-z8g9-duf2 |
| summary |
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.
This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.
Users are recommended to upgrade to version 6.1.1, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-68493, GHSA-qcfc-hmrc-59x7
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8cmt-z8g9-duf2 |
|
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-mvdz-exud-3ybz |
| vulnerability_id |
VCID-mvdz-exud-3ybz |
| summary |
Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2023-50164, GHSA-2j39-qcjm-428w
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mvdz-exud-3ybz |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33 |
|---|