| 0 |
| url |
VCID-1xhe-mz8d-eyem |
| vulnerability_id |
VCID-1xhe-mz8d-eyem |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://cwiki.apache.org/confluence/display/WW/S2-057 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/ |
|
|
| url |
https://cwiki.apache.org/confluence/display/WW/S2-057 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://lgtm.com/blog/apache_struts_CVE-2018-11776 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/ |
|
|
| url |
https://lgtm.com/blog/apache_struts_CVE-2018-11776 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
| reference_url |
http://www.securityfocus.com/bid/105125 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/ |
|
|
| url |
http://www.securityfocus.com/bid/105125 |
|
| 27 |
| reference_url |
http://www.securitytracker.com/id/1041547 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/ |
|
|
| url |
http://www.securitytracker.com/id/1041547 |
|
| 28 |
| reference_url |
http://www.securitytracker.com/id/1041888 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/ |
|
|
| url |
http://www.securitytracker.com/id/1041888 |
|
| 29 |
|
| 30 |
|
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
|
| 38 |
|
| 39 |
| reference_url |
https://github.com/hook-s3c/CVE-2018-11776-Python-PoC |
| reference_id |
CVE-2018-11776-PYTHON-POC |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Attend |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/ |
|
|
| url |
https://github.com/hook-s3c/CVE-2018-11776-Python-PoC |
|
| 40 |
|
| 41 |
|
|
| fixed_packages |
|
| aliases |
CVE-2018-11776, GHSA-cr6j-3jp9-rw65
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1xhe-mz8d-eyem |
|
| 1 |
| url |
VCID-1xze-jfs9-yyba |
| vulnerability_id |
VCID-1xze-jfs9-yyba |
| summary |
|
| references |
| 0 |
| reference_url |
http://archiva.apache.org/security.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/ |
|
|
| url |
http://archiva.apache.org/security.html |
|
| 1 |
| reference_url |
http://cxsecurity.com/issue/WLB-2014010087 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/ |
|
|
| url |
http://cxsecurity.com/issue/WLB-2014010087 |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
http://seclists.org/fulldisclosure/2013/Oct/96 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/ |
|
|
| url |
http://seclists.org/fulldisclosure/2013/Oct/96 |
|
| 5 |
| reference_url |
http://seclists.org/oss-sec/2014/q1/89 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/ |
|
|
| url |
http://seclists.org/oss-sec/2014/q1/89 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
| reference_url |
http://osvdb.org/98445 |
| reference_id |
98445 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/ |
|
|
| url |
http://osvdb.org/98445 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.15.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.15.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 13 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 14 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 15 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 18 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 19 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 20 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 21 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 22 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 23 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 24 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 25 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 26 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 27 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 28 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 29 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 30 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 31 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1 |
|
|
| aliases |
CVE-2013-2251, GHSA-47qp-8v9g-39hp
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1xze-jfs9-yyba |
|
| 2 |
| url |
VCID-2p29-qaqw-9fa9 |
| vulnerability_id |
VCID-2p29-qaqw-9fa9 |
| summary |
Manipulation of Struts internals
This package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.24.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.24.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 2 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 3 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 4 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 5 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 6 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 7 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 8 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 9 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 10 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 11 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 12 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 13 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 14 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 15 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 16 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 17 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 18 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 19 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 20 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1 |
|
|
| aliases |
CVE-2015-5209, GHSA-4qgj-9mvg-3929
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2p29-qaqw-9fa9 |
|
| 3 |
|
| 4 |
| url |
VCID-4vrt-hdq4-7kc6 |
| vulnerability_id |
VCID-4vrt-hdq4-7kc6 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 6 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 7 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 8 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 9 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 10 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 11 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 12 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 13 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 14 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 15 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 16 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 17 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 18 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 19 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 20 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 21 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 22 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 23 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 24 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 25 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 26 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 27 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 28 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 29 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 30 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 31 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 32 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 33 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 34 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 35 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 36 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 37 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
|
| 1 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.1.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 6 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 7 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 8 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 9 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 10 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 11 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 12 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 13 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 14 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 15 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 16 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 17 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 18 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 19 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 20 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 21 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 22 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 23 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 24 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 25 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 26 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 27 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 28 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 29 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 30 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 31 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 32 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 33 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 34 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 35 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 36 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 37 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 38 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 39 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.1 |
|
|
| aliases |
CVE-2012-0393, GHSA-hxqq-w4mr-mc62
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4vrt-hdq4-7kc6 |
|
| 5 |
| url |
VCID-5h58-smn3-gkh7 |
| vulnerability_id |
VCID-5h58-smn3-gkh7 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.1.2 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 6 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 7 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 8 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 9 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 10 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 11 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 12 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 13 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 14 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 15 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 16 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 17 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 18 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 19 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 20 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 21 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 22 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 23 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 24 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 25 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 26 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 27 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 28 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 29 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 30 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 31 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 32 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 33 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 34 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 35 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 36 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 37 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 38 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2 |
|
|
| aliases |
CVE-2011-3923, GHSA-j68f-8h6p-9h5q
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5h58-smn3-gkh7 |
|
| 6 |
| url |
VCID-6b94-6fkt-afdu |
| vulnerability_id |
VCID-6b94-6fkt-afdu |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.14.2 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 6 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 7 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 8 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 9 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 10 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 11 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 12 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 13 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 14 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 15 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 16 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 17 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 18 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 19 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 20 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 21 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 22 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 23 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 24 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 25 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 26 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 27 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 28 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 29 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 30 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 31 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 32 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 33 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 34 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 35 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 36 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2 |
|
|
| aliases |
CVE-2013-1966, GHSA-737w-mh58-cxjp
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6b94-6fkt-afdu |
|
| 7 |
| url |
VCID-6f4g-r6bc-63fg |
| vulnerability_id |
VCID-6f4g-r6bc-63fg |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.4.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 6 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 7 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 8 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 9 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 10 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 11 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 12 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 13 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 14 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 15 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 16 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 17 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 18 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 19 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 20 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 21 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 22 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 23 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 24 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 25 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 26 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 27 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 28 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 29 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 30 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 31 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 32 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 33 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 34 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 35 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 36 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1 |
|
|
| aliases |
CVE-2012-4387, GHSA-hrgc-54mv-58gv
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4g-r6bc-63fg |
|
| 8 |
| url |
VCID-7pys-7ux7-fkfa |
| vulnerability_id |
VCID-7pys-7ux7-fkfa |
| summary |
XWork ParameterInterceptors bypass allows remote command execution
The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, `#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.2.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.2.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-4vrt-hdq4-7kc6 |
|
| 6 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 7 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 8 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 9 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 10 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 11 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 12 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 13 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 14 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 15 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 16 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 17 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 18 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 19 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 20 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 21 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 22 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 23 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 24 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 25 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 26 |
| vulnerability |
VCID-mfq8-9cbx-qkau |
|
| 27 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 28 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 29 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 30 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 31 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 32 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 33 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 34 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 35 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 36 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 37 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 38 |
| vulnerability |
VCID-x851-jd32-vbgb |
|
| 39 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 40 |
| vulnerability |
VCID-y6zz-57nn-ubd1 |
|
| 41 |
| vulnerability |
VCID-ytqw-ezfq-n7fz |
|
| 42 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1 |
|
|
| aliases |
CVE-2010-1870, GHSA-x5fc-pgpx-59j5
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7pys-7ux7-fkfa |
|
| 9 |
|
| 10 |
|
| 11 |
| url |
VCID-c5xy-yhrn-fqf2 |
| vulnerability_id |
VCID-c5xy-yhrn-fqf2 |
| summary |
Cross-Site Scripting vulnerability on "Problem Report" screen
When Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 9 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 10 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 11 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 12 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 13 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-h3mw-239q-cbgn |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 23 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20 |
|
|
| aliases |
CVE-2015-5169, GHSA-vwhv-j36g-5rm8
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c5xy-yhrn-fqf2 |
|
| 12 |
| url |
VCID-ce3p-yaze-v7fy |
| vulnerability_id |
VCID-ce3p-yaze-v7fy |
| summary |
Remote code execution in Apache Struts
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. |
| references |
| 0 |
| reference_url |
http://jvn.jp/en/jp/JVN43969166/index.html |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/ |
|
|
| url |
http://jvn.jp/en/jp/JVN43969166/index.html |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://cwiki.apache.org/confluence/display/WW/S2-061 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H |
|
| 1 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/ |
|
|
| url |
https://cwiki.apache.org/confluence/display/WW/S2-061 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-17530, GHSA-jc35-q369-45pv
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ce3p-yaze-v7fy |
|
| 13 |
| url |
VCID-dhnk-x3gc-z7hs |
| vulnerability_id |
VCID-dhnk-x3gc-z7hs |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.0.12 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.0.12 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-4vrt-hdq4-7kc6 |
|
| 5 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 6 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 7 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 8 |
| vulnerability |
VCID-7pys-7ux7-fkfa |
|
| 9 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 10 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 11 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 12 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 13 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 14 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 15 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 16 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 17 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 18 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 19 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 20 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 21 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 22 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 23 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 24 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 25 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 26 |
| vulnerability |
VCID-mfq8-9cbx-qkau |
|
| 27 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 28 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 29 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 30 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 31 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 32 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 33 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 34 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 35 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 36 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 37 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 38 |
| vulnerability |
VCID-x851-jd32-vbgb |
|
| 39 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 40 |
| vulnerability |
VCID-y6zz-57nn-ubd1 |
|
| 41 |
| vulnerability |
VCID-ytqw-ezfq-n7fz |
|
| 42 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.12 |
|
| 1 |
|
| 2 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.1.6 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-4vrt-hdq4-7kc6 |
|
| 6 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 7 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 8 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 9 |
| vulnerability |
VCID-7pys-7ux7-fkfa |
|
| 10 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 11 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 12 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 13 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 14 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 15 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 16 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 17 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 18 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 19 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 20 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 21 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 22 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 23 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 24 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 25 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 26 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 27 |
| vulnerability |
VCID-mfq8-9cbx-qkau |
|
| 28 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 29 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 30 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 31 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 32 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 33 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 34 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 35 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 36 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 37 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 38 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 39 |
| vulnerability |
VCID-x851-jd32-vbgb |
|
| 40 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 41 |
| vulnerability |
VCID-y6zz-57nn-ubd1 |
|
| 42 |
| vulnerability |
VCID-ytqw-ezfq-n7fz |
|
| 43 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.6 |
|
|
| aliases |
CVE-2008-6505, GHSA-wv7g-xhvw-8hcp
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dhnk-x3gc-z7hs |
|
| 14 |
| url |
VCID-dzkb-wjvw-qufb |
| vulnerability_id |
VCID-dzkb-wjvw-qufb |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 9 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 10 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 11 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 12 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 13 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-h3mw-239q-cbgn |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 23 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20 |
|
|
| aliases |
CVE-2015-2992, GHSA-265r-pp83-gww7
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dzkb-wjvw-qufb |
|
| 15 |
|
| 16 |
| url |
VCID-es18-pf68-h3de |
| vulnerability_id |
VCID-es18-pf68-h3de |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.15.2 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.15.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 13 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 16 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 19 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 20 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 21 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 22 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 23 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 24 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 25 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 26 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 27 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 28 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 29 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 30 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2 |
|
|
| aliases |
CVE-2013-4316, GHSA-j7h6-xr7g-m2c5
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-es18-pf68-h3de |
|
| 17 |
|
| 18 |
|
| 19 |
| url |
VCID-fmf4-k1py-g7fh |
| vulnerability_id |
VCID-fmf4-k1py-g7fh |
| summary |
Unrestricted Upload of File with Dangerous Type
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
|
| aliases |
CVE-2012-1592, GHSA-8m5q-crqq-6pmf
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fmf4-k1py-g7fh |
|
| 20 |
| url |
VCID-gbqn-ywy3-d7cu |
| vulnerability_id |
VCID-gbqn-ywy3-d7cu |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 6 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 7 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 8 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 9 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 10 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 11 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 12 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 13 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 14 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 15 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 16 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 17 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 18 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 19 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 20 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 21 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 22 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 23 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 24 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 25 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 26 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 27 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 28 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 29 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 30 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 31 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 32 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 33 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
|
|
| aliases |
CVE-2013-2134, GHSA-gqqm-564f-vvxq
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gbqn-ywy3-d7cu |
|
| 21 |
| url |
VCID-hkhz-8ee5-57fm |
| vulnerability_id |
VCID-hkhz-8ee5-57fm |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.14.2 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.14.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 6 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 7 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 8 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 9 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 10 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 11 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 12 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 13 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 14 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 15 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 16 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 17 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 18 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 19 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 20 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 21 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 22 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 23 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 24 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 25 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 26 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 27 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 28 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 29 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 30 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 31 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 32 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 33 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 34 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 35 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 36 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2 |
|
|
| aliases |
CVE-2013-2115, GHSA-7ghm-rpc7-p7g5
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hkhz-8ee5-57fm |
|
| 22 |
| url |
VCID-hszd-513t-xucj |
| vulnerability_id |
VCID-hszd-513t-xucj |
| summary |
Apache Struts forced double OGNL evaluation
Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2016-4461, GHSA-864w-r5qj-h6fj
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hszd-513t-xucj |
|
| 23 |
| url |
VCID-huug-6mey-9fgz |
| vulnerability_id |
VCID-huug-6mey-9fgz |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.16.3 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.16.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 13 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 16 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 17 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 23 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3 |
|
| 1 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 9 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 10 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 11 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 12 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 13 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-h3mw-239q-cbgn |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 23 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20 |
|
|
| aliases |
CVE-2014-0116, GHSA-hmhq-382q-mp56
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-huug-6mey-9fgz |
|
| 24 |
| url |
VCID-jyrs-6kjh-3qfa |
| vulnerability_id |
VCID-jyrs-6kjh-3qfa |
| summary |
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-31805, GHSA-v8j6-6c2r-r27c
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jyrs-6kjh-3qfa |
|
| 25 |
| url |
VCID-k6eu-y8xc-5kbj |
| vulnerability_id |
VCID-k6eu-y8xc-5kbj |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 9 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 10 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 11 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 12 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 13 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-h3mw-239q-cbgn |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 23 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20 |
|
|
| aliases |
CVE-2014-7809, GHSA-h4v9-jf2r-9h6m
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k6eu-y8xc-5kbj |
|
| 26 |
| url |
VCID-knq3-w2wm-4uae |
| vulnerability_id |
VCID-knq3-w2wm-4uae |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 13 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 16 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 19 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 20 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 21 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 22 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 23 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 24 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 25 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
|
|
| aliases |
CVE-2014-0094, GHSA-vrwc-qjmw-5rjm
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-knq3-w2wm-4uae |
|
| 27 |
| url |
VCID-mfq8-9cbx-qkau |
| vulnerability_id |
VCID-mfq8-9cbx-qkau |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
http://secunia.com/advisories/47393 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/ |
|
|
| url |
http://secunia.com/advisories/47393 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
| reference_url |
http://www.exploit-db.com/exploits/18329 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 2 |
| value |
Act |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/ |
|
|
| url |
http://www.exploit-db.com/exploits/18329 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 6 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 7 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 8 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 9 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 10 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 11 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 12 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 13 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 14 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 15 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 16 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 17 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 18 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 19 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 20 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 21 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 22 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 23 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 24 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 25 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 26 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 27 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 28 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 29 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 30 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 31 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 32 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 33 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 34 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 35 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 36 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 37 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
|
|
| aliases |
CVE-2012-0391, GHSA-4wrr-9h5r-m92w
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mfq8-9cbx-qkau |
|
| 28 |
| url |
VCID-mw23-ujhz-a7cs |
| vulnerability_id |
VCID-mw23-ujhz-a7cs |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 6 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 7 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 8 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 9 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 10 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 11 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 12 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 13 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 14 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 15 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 16 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 17 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 18 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 19 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 20 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 21 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 22 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 23 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 24 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 25 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 26 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 27 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 28 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 29 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 30 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 31 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 32 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 33 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
|
|
| aliases |
CVE-2013-2135, GHSA-pw8r-x2qm-3h5m
|
| risk_score |
1.4 |
| exploitability |
2.0 |
| weighted_severity |
0.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mw23-ujhz-a7cs |
|
| 29 |
| url |
VCID-nb8f-hdtw-9fdk |
| vulnerability_id |
VCID-nb8f-hdtw-9fdk |
| summary |
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-0230, GHSA-wp4h-pvgw-5727
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nb8f-hdtw-9fdk |
|
| 30 |
| url |
VCID-nqwc-36ke-b3ff |
| vulnerability_id |
VCID-nqwc-36ke-b3ff |
| summary |
XSS via malicious action parameter
Multiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to `actionNames.action` and `showConfig.action` in `config-browser/`. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.16 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.16 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 13 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 16 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 19 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 20 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 21 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 22 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 23 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 24 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 25 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 26 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 27 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 28 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16 |
|
|
| aliases |
CVE-2013-6348, GHSA-3g8j-jj54-3vjg
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nqwc-36ke-b3ff |
|
| 31 |
| url |
VCID-pjsc-j2a1-7qdj |
| vulnerability_id |
VCID-pjsc-j2a1-7qdj |
| summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.0.11.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.0.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-4vrt-hdq4-7kc6 |
|
| 5 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 6 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 7 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 8 |
| vulnerability |
VCID-7pys-7ux7-fkfa |
|
| 9 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 10 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 11 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 12 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 13 |
| vulnerability |
VCID-dhnk-x3gc-z7hs |
|
| 14 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 15 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 16 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 17 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 18 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 19 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 20 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 21 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 22 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 23 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 24 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 25 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 26 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 27 |
| vulnerability |
VCID-mfq8-9cbx-qkau |
|
| 28 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 29 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 30 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 31 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 32 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 33 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 34 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 35 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 36 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 37 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 38 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 39 |
| vulnerability |
VCID-x851-jd32-vbgb |
|
| 40 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 41 |
| vulnerability |
VCID-y6zz-57nn-ubd1 |
|
| 42 |
| vulnerability |
VCID-ytqw-ezfq-n7fz |
|
| 43 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.11.1 |
|
| 1 |
|
|
| aliases |
CVE-2008-6682, GHSA-jgcr-9c2q-rvp8
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pjsc-j2a1-7qdj |
|
| 32 |
|
| 33 |
| url |
VCID-pmr8-6zz1-ryf2 |
| vulnerability_id |
VCID-pmr8-6zz1-ryf2 |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 6 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 7 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 8 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 9 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 10 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 11 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 12 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 13 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 14 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 15 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 16 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 17 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 18 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 19 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 20 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 21 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 22 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 23 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 24 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 25 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 26 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 27 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 28 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 29 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 30 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 31 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 32 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 33 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3 |
|
|
| aliases |
CVE-2013-1965, GHSA-whmq-v94q-34p9
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pmr8-6zz1-ryf2 |
|
| 34 |
| url |
VCID-pr67-cm26-w7hm |
| vulnerability_id |
VCID-pr67-cm26-w7hm |
| summary |
CSRF protection bypass
The token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.4.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.4.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 6 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 7 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 8 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 9 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 10 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 11 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 12 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 13 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 14 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 15 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 16 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 17 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 18 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 19 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 20 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 21 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 22 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 23 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 24 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 25 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 26 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 27 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 28 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 29 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 30 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 31 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 32 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 33 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 34 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 35 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 36 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1 |
|
|
| aliases |
CVE-2012-4386, GHSA-2rvh-q539-q33v
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pr67-cm26-w7hm |
|
| 35 |
|
| 36 |
| url |
VCID-sd6f-umkv-ffc2 |
| vulnerability_id |
VCID-sd6f-umkv-ffc2 |
| summary |
Improper Input Validation
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 9 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 10 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 11 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 12 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 13 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-h3mw-239q-cbgn |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 23 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20 |
|
|
| aliases |
CVE-2016-3090, GHSA-ggmp-fxfg-277r
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sd6f-umkv-ffc2 |
|
| 37 |
| url |
VCID-sgb7-h4sp-dbgf |
| vulnerability_id |
VCID-sgb7-h4sp-dbgf |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.15.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.15.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 13 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 14 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 15 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 18 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 19 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 20 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 21 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 22 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 23 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 24 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 25 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 26 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 27 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 28 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 29 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 30 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 31 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1 |
|
|
| aliases |
CVE-2013-2248, GHSA-rpj9-r897-wc6q
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sgb7-h4sp-dbgf |
|
| 38 |
|
| 39 |
| url |
VCID-ubk6-8mnk-bqet |
| vulnerability_id |
VCID-ubk6-8mnk-bqet |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 13 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 16 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 19 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 20 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 21 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 22 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 23 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 24 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 25 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
|
| 1 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 9 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 10 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 11 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 12 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 13 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-h3mw-239q-cbgn |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 23 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20 |
|
|
| aliases |
CVE-2014-0112, GHSA-prjv-jj26-wf8h
|
| risk_score |
1.6 |
| exploitability |
2.0 |
| weighted_severity |
0.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ubk6-8mnk-bqet |
|
| 40 |
| url |
VCID-x851-jd32-vbgb |
| vulnerability_id |
VCID-x851-jd32-vbgb |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 6 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 7 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 8 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 9 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 10 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 11 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 12 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 13 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 14 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 15 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 16 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 17 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 18 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 19 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 20 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 21 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 22 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 23 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 24 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 25 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 26 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 27 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 28 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 29 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 30 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 31 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 32 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 33 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 34 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 35 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 36 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 37 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
|
|
| aliases |
CVE-2012-0392, GHSA-2ppp-xj34-vvf7
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x851-jd32-vbgb |
|
| 41 |
| url |
VCID-y65y-kv8s-q3ef |
| vulnerability_id |
VCID-y65y-kv8s-q3ef |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.15.3 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.15.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 13 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 16 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 19 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 20 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 21 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 22 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 23 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 24 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 25 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 26 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 27 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 28 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
| 29 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3 |
|
|
| aliases |
CVE-2013-4310, GHSA-q5q8-jghf-3pm3
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y65y-kv8s-q3ef |
|
| 42 |
| url |
VCID-y6zz-57nn-ubd1 |
| vulnerability_id |
VCID-y6zz-57nn-ubd1 |
| summary |
|
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 6 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 7 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 8 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 9 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 10 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 11 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 12 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 13 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 14 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 15 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 16 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 17 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 18 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 19 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 20 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 21 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 22 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 23 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 24 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 25 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 26 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 27 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 28 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 29 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 30 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 31 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 32 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 33 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 34 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 35 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 36 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 37 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1 |
|
|
| aliases |
CVE-2012-0838, GHSA-mwrx-hx6x-3hhv
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y6zz-57nn-ubd1 |
|
| 43 |
| url |
VCID-ytqw-ezfq-n7fz |
| vulnerability_id |
VCID-ytqw-ezfq-n7fz |
| summary |
Multiple XSS flaws in XWork
Multiple cross-site scripting (XSS) vulnerabilities in XWork allow remote attackers to inject arbitrary web script or HTML via vectors involving an action name, the action attribute of an s:submit element, or the method attribute of an `s:submit` element. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.2.3 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.2.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-1xze-jfs9-yyba |
|
| 2 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 3 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 4 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 5 |
| vulnerability |
VCID-4vrt-hdq4-7kc6 |
|
| 6 |
| vulnerability |
VCID-5h58-smn3-gkh7 |
|
| 7 |
| vulnerability |
VCID-6b94-6fkt-afdu |
|
| 8 |
| vulnerability |
VCID-6f4g-r6bc-63fg |
|
| 9 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 10 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 11 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 12 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 13 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 14 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 15 |
| vulnerability |
VCID-es18-pf68-h3de |
|
| 16 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 17 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 18 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 19 |
| vulnerability |
VCID-gbqn-ywy3-d7cu |
|
| 20 |
| vulnerability |
VCID-hkhz-8ee5-57fm |
|
| 21 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 22 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 23 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 24 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 25 |
| vulnerability |
VCID-knq3-w2wm-4uae |
|
| 26 |
| vulnerability |
VCID-mfq8-9cbx-qkau |
|
| 27 |
| vulnerability |
VCID-mw23-ujhz-a7cs |
|
| 28 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 29 |
| vulnerability |
VCID-nqwc-36ke-b3ff |
|
| 30 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 31 |
| vulnerability |
VCID-pmr8-6zz1-ryf2 |
|
| 32 |
| vulnerability |
VCID-pr67-cm26-w7hm |
|
| 33 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 34 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 35 |
| vulnerability |
VCID-sgb7-h4sp-dbgf |
|
| 36 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 37 |
| vulnerability |
VCID-ubk6-8mnk-bqet |
|
| 38 |
| vulnerability |
VCID-x851-jd32-vbgb |
|
| 39 |
| vulnerability |
VCID-y65y-kv8s-q3ef |
|
| 40 |
| vulnerability |
VCID-y6zz-57nn-ubd1 |
|
| 41 |
| vulnerability |
VCID-zkdp-x1s4-jbbx |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3 |
|
|
| aliases |
CVE-2011-1772, GHSA-56f8-g68r-j699
|
| risk_score |
0.2 |
| exploitability |
0.5 |
| weighted_severity |
0.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ytqw-ezfq-n7fz |
|
| 44 |
| url |
VCID-zkdp-x1s4-jbbx |
| vulnerability_id |
VCID-zkdp-x1s4-jbbx |
| summary |
|
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-c5xy-yhrn-fqf2 |
|
| 9 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 10 |
| vulnerability |
VCID-dzkb-wjvw-qufb |
|
| 11 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 12 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 13 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 16 |
| vulnerability |
VCID-huug-6mey-9fgz |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-k6eu-y8xc-5kbj |
|
| 19 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 20 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 21 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 22 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 23 |
| vulnerability |
VCID-sd6f-umkv-ffc2 |
|
| 24 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 25 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2 |
|
| 1 |
| url |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| purl |
pkg:maven/org.apache.struts/struts2-core@2.3.20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1xhe-mz8d-eyem |
|
| 1 |
| vulnerability |
VCID-2p29-qaqw-9fa9 |
|
| 2 |
| vulnerability |
VCID-2qup-v76d-8bge |
|
| 3 |
| vulnerability |
VCID-3q92-5sz9-2kd3 |
|
| 4 |
| vulnerability |
VCID-86yh-tym8-f3hh |
|
| 5 |
| vulnerability |
VCID-8huk-86a6-27cw |
|
| 6 |
| vulnerability |
VCID-8zze-44sk-audx |
|
| 7 |
| vulnerability |
VCID-aaet-jdfc-mbek |
|
| 8 |
| vulnerability |
VCID-ce3p-yaze-v7fy |
|
| 9 |
| vulnerability |
VCID-d7b9-rv1g-qkfp |
|
| 10 |
| vulnerability |
VCID-ee2d-r8vy-skhq |
|
| 11 |
| vulnerability |
VCID-ev69-3d1j-nuac |
|
| 12 |
| vulnerability |
VCID-f4kx-q41m-5qer |
|
| 13 |
| vulnerability |
VCID-fdat-drnp-yudv |
|
| 14 |
| vulnerability |
VCID-fmf4-k1py-g7fh |
|
| 15 |
| vulnerability |
VCID-h3mw-239q-cbgn |
|
| 16 |
| vulnerability |
VCID-hszd-513t-xucj |
|
| 17 |
| vulnerability |
VCID-jyrs-6kjh-3qfa |
|
| 18 |
| vulnerability |
VCID-n7x9-wj56-a7gr |
|
| 19 |
| vulnerability |
VCID-nb8f-hdtw-9fdk |
|
| 20 |
| vulnerability |
VCID-pjw9-sxen-b3cu |
|
| 21 |
| vulnerability |
VCID-q9p6-sxpv-g7gp |
|
| 22 |
| vulnerability |
VCID-t9vy-6y7q-e3ac |
|
| 23 |
| vulnerability |
VCID-vurd-7tee-e7a9 |
|
| 24 |
| vulnerability |
VCID-ycjb-zszd-4ufy |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20 |
|
|
| aliases |
CVE-2014-0113, GHSA-3c5c-xrq4-qhr8
|
| risk_score |
1.4 |
| exploitability |
2.0 |
| weighted_severity |
0.7 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zkdp-x1s4-jbbx |
|