Package Instance
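Look up vulnerable packages by Package URL (purl). In the response, a version listed under "fixed_packages" fixes only the vulnerability it appears under and can still carry "is_vulnerable": true because of other vulnerabilities; the top-level "next_non_vulnerable_version" and "latest_non_vulnerable_version" fields name versions with no known vulnerabilities.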
GET /api/packages/85387?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/85387?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.0.9", "type": "maven", "namespace": "org.apache.struts", "name": "struts2-core", "version": "2.0.9", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.8.0", "latest_non_vulnerable_version": "7.1.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/270595?format=api", "vulnerability_id": "VCID-1tfj-xmkp-bbfr", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93188", "scoring_system": "epss", "scoring_elements": "0.99807", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53677" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-067", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-067" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854" }, { "reference_url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78" }, { "reference_url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53677" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250103-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250103-0005" }, { "reference_url": "https://struts.apache.org/core-developers/file-upload", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/core-developers/file-upload" }, { "reference_url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686", "reference_id": "2331686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331686" }, { "reference_url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm", "reference_id": "GHSA-43mq-6xmg-29vm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-43mq-6xmg-29vm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/187437?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-nfn8-r3bb-kka7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0" } ], "aliases": [ "CVE-2024-53677", "GHSA-43mq-6xmg-29vm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1tfj-xmkp-bbfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9993?format=api", "vulnerability_id": "VCID-1xhe-mz8d-eyem", "summary": "", "references": [ { "reference_url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94431", "scoring_system": "epss", "scoring_elements": "0.99986", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11776" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-057", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, 
{ "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-057" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b" }, { "reference_url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e" }, { "reference_url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72" }, { "reference_url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d" }, { "reference_url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lgtm.com/blog/apache_struts_CVE-2018-11776" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": 
"cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20181018-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20181018-0002" }, { "reference_url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125" }, { "reference_url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776" }, { "reference_url": "https://www.exploit-db.com/exploits/45260", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45260" }, { "reference_url": "https://www.exploit-db.com/exploits/45262", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45262" }, { "reference_url": "https://www.exploit-db.com/exploits/45367", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/45367" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/105125", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securityfocus.com/bid/105125" }, { "reference_url": "http://www.securitytracker.com/id/1041547", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041547" }, { "reference_url": "http://www.securitytracker.com/id/1041888", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "http://www.securitytracker.com/id/1041888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019", "reference_id": "1620019", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620019" }, { "reference_url": "https://www.exploit-db.com/exploits/45260/", "reference_id": "45260", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45260/" }, { "reference_url": "https://www.exploit-db.com/exploits/45262/", "reference_id": "45262", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45262/" }, { "reference_url": "https://www.exploit-db.com/exploits/45367/", "reference_id": "45367", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://www.exploit-db.com/exploits/45367/" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py" }, { "reference_url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776", "reference_id": "CVE-2018-11776", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11776" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb", "reference_id": "CVE-2018-11776", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb" }, { "reference_url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC", "reference_id": "CVE-2018-11776-PYTHON-POC", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { 
"value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC" }, { "reference_url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65", "reference_id": "GHSA-cr6j-3jp9-rw65", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr6j-3jp9-rw65" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180822-0001/", "reference_id": "ntap-20180822-0001", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20180822-0001/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55779?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.35", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35" }, { "url": "http://public2.vulnerablecode.io/api/packages/55780?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17" } ], "aliases": [ "CVE-2018-11776", "GHSA-cr6j-3jp9-rw65" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xhe-mz8d-eyem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9882?format=api", "vulnerability_id": "VCID-1xze-jfs9-yyba", "summary": "", "references": [ { "reference_url": "http://archiva.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://archiva.apache.org/security.html" }, { "reference_url": "http://cxsecurity.com/issue/WLB-2014010087", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://cxsecurity.com/issue/WLB-2014010087" }, { "reference_url": "http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94325", "scoring_system": "epss", "scoring_elements": "0.99954", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2251" }, { "reference_url": "http://seclists.org/fulldisclosure/2013/Oct/96", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://seclists.org/fulldisclosure/2013/Oct/96" }, { "reference_url": "http://seclists.org/oss-sec/2014/q1/89", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://seclists.org/oss-sec/2014/q1/89" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90392" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6" }, 
{ "reference_url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4140", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4140" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-016.html" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251" }, { "reference_url": 
"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "reference_url": "http://www.securitytracker.com/id/1029184", "reference_id": "1029184", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.securitytracker.com/id/1029184" }, { "reference_url": "http://www.securitytracker.com/id/1032916", "reference_id": "1032916", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.securitytracker.com/id/1032916" }, { "reference_url": "http://www.securityfocus.com/bid/61189", "reference_id": "61189", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://www.securityfocus.com/bid/61189" }, { "reference_url": "http://osvdb.org/98445", "reference_id": "98445", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/" } ], "url": "http://osvdb.org/98445" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt", "reference_id": "CVE-2013-2251", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2251", "reference_id": "CVE-2013-2251", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2251" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb", "reference_id": "CVE-2013-2251;OSVDB-95405", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb" }, { "reference_url": "https://github.com/advisories/GHSA-47qp-8v9g-39hp", "reference_id": "GHSA-47qp-8v9g-39hp", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47qp-8v9g-39hp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50419?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.1", "is_vulnerable": 
true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1" } ], "aliases": [ "CVE-2013-2251", "GHSA-47qp-8v9g-39hp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xze-jfs9-yyba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11543?format=api", "vulnerability_id": "VCID-2p29-qaqw-9fa9", "summary": "Manipulation of Struts internals\nThis package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01362", "scoring_system": "epss", "scoring_elements": "0.80482", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5209" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5209" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0002" }, { "reference_url": "https://struts.apache.org/docs/s2-026.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-026.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51573?format=api", 
"purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1" } ], "aliases": [ "CVE-2015-5209", "GHSA-4qgj-9mvg-3929" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2p29-qaqw-9fa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9908?format=api", "vulnerability_id": "VCID-2qup-v76d-8bge", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05743", "scoring_system": "epss", "scoring_elements": "0.90587", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4436" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5" }, { "reference_url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4436" }, { "reference_url": "https://struts.apache.org/docs/s2-035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-035.html" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280" }, { "reference_url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": 
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233", "reference_id": "1348233", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348233" }, { "reference_url": "https://github.com/advisories/GHSA-xm92-v2mq-842q", "reference_id": "GHSA-xm92-v2mq-842q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xm92-v2mq-842q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/51749?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2rqk-2gkx-dkds" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1" } ], "aliases": [ "CVE-2016-4436", "GHSA-xm92-v2mq-842q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qup-v76d-8bge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10140?format=api", "vulnerability_id": "VCID-4vrt-hdq4-7kc6", "summary": "", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73632", "scoring_system": "epss", "scoring_elements": "0.98834", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0393" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e" }, { "reference_url": "https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d" }, { "reference_url": "http://struts.apache.org/2.x/docs/s2-008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "reference_url": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "reference_url": 
"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "reference_url": "https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393" }, { "reference_url": "https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/" }, { "reference_url": "http://www.exploit-db.com/exploits/18329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.exploit-db.com/exploits/18329" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=773164", "reference_id": "773164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773164" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0393", "reference_id": "CVE-2012-0393", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0393" }, { "reference_url": "https://github.com/advisories/GHSA-hxqq-w4mr-mc62", "reference_id": "GHSA-hxqq-w4mr-mc62", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-hxqq-w4mr-mc62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50129?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { 
"vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76756?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": 
"VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.1" } ], "aliases": [ "CVE-2012-0393", "GHSA-hxqq-w4mr-mc62" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4vrt-hdq4-7kc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72244?format=api", "vulnerability_id": "VCID-5h58-smn3-gkh7", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91054", "scoring_system": "epss", "scoring_elements": "0.99656", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3923" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72585" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-009.html" }, { "reference_url": "http://struts.apache.org/docs/s2-009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-009.html" }, { "reference_url": "https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3923", "reference_id": "CVE-2011-3923", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3923" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-3923", "reference_id": "CVE-2011-3923", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3923" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb", "reference_id": "CVE-2011-3923;OSVDB-78501", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb" }, { "reference_url": "http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html", "reference_id": "CVE-2011-3923-YET-ANOTHER-STRUTS2.HTML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html" }, { "reference_url": "https://github.com/advisories/GHSA-j68f-8h6p-9h5q", "reference_id": "GHSA-j68f-8h6p-9h5q", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j68f-8h6p-9h5q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51612?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { 
"vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2" } ], "aliases": [ "CVE-2011-3923", "GHSA-j68f-8h6p-9h5q" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5h58-smn3-gkh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9792?format=api", "vulnerability_id": "VCID-6b94-6fkt-afdu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json", "reference_id": "", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91096", "scoring_system": "epss", "scoring_elements": "0.9966", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1966" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-013" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-013.html" }, { "reference_url": "http://struts.apache.org/docs/s2-013.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-013.html" }, { 
"reference_url": "http://struts.apache.org/docs/s2-014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-014.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1966", "reference_id": "CVE-2013-1966", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1966" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb", "reference_id": "CVE-2013-2115;OSVDB-93645;CVE-2013-1966", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb" }, { "reference_url": "https://github.com/advisories/GHSA-737w-mh58-cxjp", "reference_id": "GHSA-737w-mh58-cxjp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-737w-mh58-cxjp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50405?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { 
"vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2" } ], "aliases": [ "CVE-2013-1966", "GHSA-737w-mh58-cxjp" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6b94-6fkt-afdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9798?format=api", "vulnerability_id": "VCID-6f4g-r6bc-63fg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07916", "scoring_system": "epss", "scoring_elements": "0.92163", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4387" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78183", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78183" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9" }, { "reference_url": "https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-3860", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-3860" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4387", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4387" }, { "reference_url": "http://struts.apache.org/2.x/docs/s2-011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.x/docs/s2-011.html" }, { "reference_url": 
"http://struts.apache.org/docs/s2-011.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-011.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/09/01/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/09/01/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/09/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/09/01/5" }, { "reference_url": "https://github.com/advisories/GHSA-hrgc-54mv-58gv", "reference_id": "GHSA-hrgc-54mv-58gv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hrgc-54mv-58gv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50192?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { 
"vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1" } ], "aliases": [ "CVE-2012-4387", "GHSA-hrgc-54mv-58gv" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4g-r6bc-63fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10247?format=api", "vulnerability_id": "VCID-7pys-7ux7-fkfa", "summary": "XWork ParameterInterceptors bypass allows remote command execution\nThe OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, 
`#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.", "references": [ { "reference_url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16" }, { "reference_url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92533", "scoring_system": "epss", "scoring_elements": "0.99749", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1870" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-003" }, { "reference_url": "http://seclists.org/fulldisclosure/2010/Jul/183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2010/Jul/183" }, { 
"reference_url": "http://seclists.org/fulldisclosure/2020/Oct/23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2020/Oct/23" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "http://struts.apache.org/2.2.1/docs/s2-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.2.1/docs/s2-005.html" }, { "reference_url": "http://struts.apache.org/docs/s2-005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-005.html" }, { "reference_url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123727", "reference_id": "1123727", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1123727" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1870", "reference_id": "CVE-2010-1870", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-1870" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt", "reference_id": "CVE-2010-1870;OSVDB-66280", "reference_type": "exploit", 
"scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb", "reference_id": "CVE-2010-1870;OSVDB-66280", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb" }, { "reference_url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html", "reference_id": "CVE-2010-1870-STRUTS2XWORK-REMOTE.HTML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html" }, { "reference_url": "https://github.com/advisories/GHSA-x5fc-pgpx-59j5", "reference_id": "GHSA-x5fc-pgpx-59j5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x5fc-pgpx-59j5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50070?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-4vrt-hdq4-7kc6" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": 
"VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mfq8-9cbx-qkau" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-x851-jd32-vbgb" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-y6zz-57nn-ubd1" }, { "vulnerability": "VCID-ytqw-ezfq-n7fz" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1" } ], "aliases": [ "CVE-2010-1870", "GHSA-x5fc-pgpx-59j5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pys-7ux7-fkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10076?format=api", "vulnerability_id": "VCID-8huk-86a6-27cw", "summary": "", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05068", "scoring_system": "epss", "scoring_elements": "0.89938", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3093" }, { "reference_url": "https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92" }, { "reference_url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E" }, { "reference_url": "https://struts.apache.org/docs/s2-034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-034.html" }, { "reference_url": "http://struts.apache.org/docs/s2-034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-034.html" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987854" }, { "reference_url": "http://www.securityfocus.com/bid/90961", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90961" }, { "reference_url": "http://www.securitytracker.com/id/1036018", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036018" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341677", "reference_id": "1341677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341677" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093", "reference_id": "CVE-2016-3093", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3093" }, { "reference_url": "https://github.com/advisories/GHSA-383p-xqxx-rrmp", "reference_id": "GHSA-383p-xqxx-rrmp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-383p-xqxx-rrmp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" } ], "aliases": [ "CVE-2016-3093", "GHSA-383p-xqxx-rrmp" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8huk-86a6-27cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10093?format=api", "vulnerability_id": "VCID-8zze-44sk-audx", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24626", "scoring_system": "epss", "scoring_elements": "0.96227", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3082" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f" }, { "reference_url": "http://struts.apache.org/docs/s2-031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-031.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082", "reference_id": "CVE-2016-3082", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": 
"VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51622?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1" } ], "aliases": [ "CVE-2016-3082", "GHSA-pvm9-288c-v5wq" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8zze-44sk-audx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17814?format=api", "vulnerability_id": "VCID-b4nv-2pd9-pqdw", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. 
When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if a developer has set struts.multipart.maxSize to a value equal to or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31042", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34396" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-064", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-064" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/3" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396", "reference_id": "CVE-2023-34396", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34396" }, { "reference_url": "https://github.com/advisories/GHSA-4g42-gqrg-4633", "reference_id": "GHSA-4g42-gqrg-4633", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4g42-gqrg-4633" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64296?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/64297?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ "CVE-2023-34396", "GHSA-4g42-gqrg-4633" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4nv-2pd9-pqdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11619?format=api", "vulnerability_id": "VCID-c5xy-yhrn-fqf2", "summary": "Cross-Site Scripting vulnerability on \"Problem Report\" screen\nWhen Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also, if JSP files are exposed so that they can be accessed directly, it is possible to execute an arbitrary script.", "references": [ { "reference_url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html" }, { "reference_url": "http://jvn.jp/en/jp/JVN95989300/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN95989300/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01198", "scoring_system": "epss", "scoring_elements": "0.79199", 
"published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5169" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260087" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5169" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0003" }, { "reference_url": "https://struts.apache.org/docs/s2-025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://struts.apache.org/docs/s2-025.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2015-5169", "GHSA-vwhv-j36g-5rm8" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5xy-yhrn-fqf2" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/14889?format=api", "vulnerability_id": "VCID-ce3p-yaze-v7fy", "summary": "Remote code execution in Apache Struts\nForced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://jvn.jp/en/jp/JVN43969166/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://jvn.jp/en/jp/JVN43969166/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94373", "scoring_system": "epss", "scoring_elements": "0.99967", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17530" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-061", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-061" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { 
"reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": 
"https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645", "reference_id": "1905645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905645" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17530", "reference_id": "CVE-2020-17530", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17530" }, { "reference_url": "https://github.com/advisories/GHSA-jc35-q369-45pv", "reference_id": 
"GHSA-jc35-q369-45pv", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jc35-q369-45pv" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210115-0005/", "reference_id": "ntap-20210115-0005", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210115-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59402?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.26", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26" } ], "aliases": [ "CVE-2020-17530", "GHSA-jc35-q369-45pv" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ce3p-yaze-v7fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58209?format=api", "vulnerability_id": "VCID-dhnk-x3gc-z7hs", "summary": "", "references": [ { "reference_url": "http://issues.apache.org/struts/browse/WW-2779", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://issues.apache.org/struts/browse/WW-2779" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2008-6505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83102", "scoring_system": "epss", "scoring_elements": "0.99277", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6505" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/04fcefa44bae1263c7cad6986a9dafed67f0164f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/04fcefa44bae1263c7cad6986a9dafed67f0164f" }, { "reference_url": "https://github.com/apache/struts/commit/1f1c996eb1f0f3e2193fba0075f62ccd04e3c0c3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1f1c996eb1f0f3e2193fba0075f62ccd04e3c0c3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6505", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6505" }, { "reference_url": "http://struts.apache.org/2.x/docs/s2-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.x/docs/s2-004.html" }, { "reference_url": "https://web.archive.org/web/20081208214512/http://secunia.com/advisories/32497", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://web.archive.org/web/20081208214512/http://secunia.com/advisories/32497" }, { "reference_url": "https://web.archive.org/web/20111025094319/http://www.securityfocus.com/bid/32104", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111025094319/http://www.securityfocus.com/bid/32104" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32565.txt", "reference_id": "CVE-2008-6505;OSVDB-49734", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32565.txt" }, { "reference_url": "https://www.securityfocus.com/bid/32104/info", "reference_id": "CVE-2008-6505;OSVDB-49734", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/32104/info" }, { "reference_url": "https://github.com/advisories/GHSA-wv7g-xhvw-8hcp", "reference_id": "GHSA-wv7g-xhvw-8hcp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wv7g-xhvw-8hcp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51606?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.0.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-4vrt-hdq4-7kc6" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-7pys-7ux7-fkfa" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { 
"vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mfq8-9cbx-qkau" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-x851-jd32-vbgb" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-y6zz-57nn-ubd1" }, { "vulnerability": "VCID-ytqw-ezfq-n7fz" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/240094?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.3" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/51609?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-4vrt-hdq4-7kc6" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-7pys-7ux7-fkfa" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mfq8-9cbx-qkau" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { 
"vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-x851-jd32-vbgb" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-y6zz-57nn-ubd1" }, { "vulnerability": "VCID-ytqw-ezfq-n7fz" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.6" } ], "aliases": [ "CVE-2008-6505", "GHSA-wv7g-xhvw-8hcp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhnk-x3gc-z7hs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/95169?format=api", "vulnerability_id": "VCID-dzkb-wjvw-qufb", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html" }, { "reference_url": "http://jvn.jp/en/jp/JVN88408929/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN88408929/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00992", "scoring_system": "epss", "scoring_elements": "0.77207", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2992" }, { 
"reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-025", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-025" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/Security", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/Security" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200330-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200330-0001" }, { "reference_url": "http://www.securityfocus.com/bid/76624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/76624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260101", "reference_id": "1260101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1260101" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2992", "reference_id": "CVE-2015-2992", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2992" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2015-2992", "GHSA-265r-pp83-gww7" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dzkb-wjvw-qufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9758?format=api", "vulnerability_id": "VCID-ee2d-r8vy-skhq", "summary": "", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01235", "scoring_system": "epss", "scoring_elements": "0.79528", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java" }, { "reference_url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2162" }, { "reference_url": "http://struts.apache.org/docs/s2-030.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-030.html" }, { "reference_url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070" }, { "reference_url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1326724", "reference_id": "1326724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326724" }, { "reference_url": "https://github.com/advisories/GHSA-2j4q-9fff-236j", "reference_id": "GHSA-2j4q-9fff-236j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2j4q-9fff-236j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-2162", "GHSA-2j4q-9fff-236j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee2d-r8vy-skhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9850?format=api", "vulnerability_id": "VCID-es18-pf68-h3de", "summary": "", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06168", "scoring_system": "epss", "scoring_elements": "0.90973", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4316" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1" }, { "reference_url": "https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4316" }, { "reference_url": "http://struts.apache.org/docs/s2-019.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-019.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-019.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013036", "reference_id": "1013036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013036" }, { "reference_url": "https://github.com/advisories/GHSA-j7h6-xr7g-m2c5", "reference_id": "GHSA-j7h6-xr7g-m2c5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j7h6-xr7g-m2c5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50522?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" 
}, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2" } ], "aliases": [ "CVE-2013-4316", "GHSA-j7h6-xr7g-m2c5" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es18-pf68-h3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9966?format=api", "vulnerability_id": "VCID-ev69-3d1j-nuac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.02629", "scoring_system": "epss", "scoring_elements": "0.85946", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4003" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc" }, { "reference_url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9" }, { "reference_url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e" }, { "reference_url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2" }, { "reference_url": "https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4507", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4507" }, { "reference_url": "http://struts.apache.org/docs/s2-028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-028.html" }, { "reference_url": 
"https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311" }, { "reference_url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268" }, { "reference_url": "http://www.securityfocus.com/bid/86311", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/86311" }, { "reference_url": "http://www.securitytracker.com/id/1035268", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035268" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725", "reference_id": "1326725", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326725" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003", "reference_id": "CVE-2016-4003", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": 
"pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { 
"vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-4003", "GHSA-m3x6-9v6h-4g28" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev69-3d1j-nuac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9804?format=api", "vulnerability_id": "VCID-f4kx-q41m-5qer", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94228", "scoring_system": "epss", "scoring_elements": "0.99929", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12611" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa" }, { "reference_url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f" }, { "reference_url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001" }, { "reference_url": "https://struts.apache.org/docs/s2-053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-053.html" }, { "reference_url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829" }, { "reference_url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html" }, { "reference_url": "http://www.securityfocus.com/bid/100829", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478", "reference_id": "1489478", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489478" }, { "reference_url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py", "reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py", 
"reference_id": "CVE-2017-12611", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611", "reference_id": "CVE-2017-12611", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12611" }, { "reference_url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm", "reference_id": "GHSA-8fx9-5hx8-crhm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fx9-5hx8-crhm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": 
"VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/53059?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.34", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/52699?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, 
{ "vulnerability": "VCID-tmm5-hrp4-r7hy" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73935?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52701?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12" } ], "aliases": [ "CVE-2017-12611", "GHSA-8fx9-5hx8-crhm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4kx-q41m-5qer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15596?format=api", "vulnerability_id": "VCID-fmf4-k1py-g7fh", "summary": "Unrestricted Upload of File with Dangerous Type\nA local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious 
user upload and execute arbitrary files.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00588", "scoring_system": "epss", "scoring_elements": "0.69462", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1592" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-5055", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-5055" 
}, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E" }, { "reference_url": "https://seclists.org/bugtraq/2012/Mar/110", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2012/Mar/110" }, { "reference_url": "https://struts.apache.org/security/#internal-security-mechanism", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://struts.apache.org/security/#internal-security-mechanism" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/28/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/12" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2012-1592" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1592" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1592", "reference_id": "CVE-2012-1592", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1592" }, { "reference_url": 
"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml" }, { "reference_url": "https://www.securityfocus.com/bid/52702/info", "reference_id": "CVE-2012-1592;OSVDB-80547", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/52702/info" }, { "reference_url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf", "reference_id": "GHSA-8m5q-crqq-6pmf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8m5q-crqq-6pmf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2012-1592", "GHSA-8m5q-crqq-6pmf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fmf4-k1py-g7fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9739?format=api", "vulnerability_id": "VCID-gbqn-ywy3-d7cu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2134", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90936", 
"scoring_system": "epss", "scoring_elements": "0.99648", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2134" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-015" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201409-04.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0" }, { "reference_url": "https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f" }, { "reference_url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3" }, { "reference_url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37" }, { "reference_url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1" }, { "reference_url": 
"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4090", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4090" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4094" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4095", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4095" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-015.html" }, { "reference_url": "http://struts.apache.org/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-015.html" }, { "reference_url": "https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346" }, { "reference_url": 
"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2134", "reference_id": "CVE-2013-2134", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2134" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt", "reference_id": "CVE-2013-2134;OSVDB-93969", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt" }, { "reference_url": "https://www.securityfocus.com/bid/60345/info", "reference_id": "CVE-2013-2134;OSVDB-93969", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/60345/info" }, { "reference_url": "https://github.com/advisories/GHSA-gqqm-564f-vvxq", "reference_id": "GHSA-gqqm-564f-vvxq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-gqqm-564f-vvxq" }, { "reference_url": 
"https://security.gentoo.org/glsa/201409-04", "reference_id": "GLSA-201409-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201409-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50415?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": 
"VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3" } ], "aliases": [ "CVE-2013-2134", "GHSA-gqqm-564f-vvxq" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbqn-ywy3-d7cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9879?format=api", "vulnerability_id": "VCID-hkhz-8ee5-57fm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8761", "scoring_system": "epss", "scoring_elements": "0.9948", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2115" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=967656" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-013" }, { 
"reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-014", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-014" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650" }, { "reference_url": "https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d" }, { "reference_url": "https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6" }, { "reference_url": "https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4063", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4063" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-014.html" }, { "reference_url": "http://struts.apache.org/docs/s2-014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-014.html" }, { "reference_url": "https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2115", "reference_id": "CVE-2013-2115", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2115" }, { "reference_url": "https://github.com/advisories/GHSA-7ghm-rpc7-p7g5", "reference_id": "GHSA-7ghm-rpc7-p7g5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7ghm-rpc7-p7g5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50405?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { 
"vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2" } ], "aliases": [ "CVE-2013-2115", "GHSA-7ghm-rpc7-p7g5" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hkhz-8ee5-57fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16317?format=api", "vulnerability_id": "VCID-hszd-513t-xucj", "summary": "Apache Struts forced double OGNL evaluation\nApache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL evaluation. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01704", "scoring_system": "epss", "scoring_elements": "0.82619", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4461" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0004" }, { "reference_url": "https://struts.apache.org/docs/s2-036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-036.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461", "reference_id": "CVE-2016-4461", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4461" }, { "reference_url": 
"https://github.com/advisories/GHSA-864w-r5qj-h6fj", "reference_id": "GHSA-864w-r5qj-h6fj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-864w-r5qj-h6fj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4461", "GHSA-864w-r5qj-h6fj" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hszd-513t-xucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10003?format=api", "vulnerability_id": "VCID-huug-6mey-9fgz", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0116", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "0.02831", "scoring_system": "epss", "scoring_elements": "0.86434", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0116" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0116" }, { "reference_url": "http://struts.apache.org/docs/s2-022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-022.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116" }, { "reference_url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558", "reference_id": "1094558", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50756?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { 
"vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } 
], "aliases": [ "CVE-2014-0116", "GHSA-hmhq-382q-mp56" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-huug-6mey-9fgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15495?format=api", "vulnerability_id": "VCID-jyrs-6kjh-3qfa", "summary": "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')\nThe fix issued for CVE-2020-17530 was incomplete. As a result, in Apache Struts 2.0.0 to 2.5.29, some of the tag attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to remote code execution and security degradation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93788", "scoring_system": "epss", "scoring_elements": "0.99865", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31805" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-062", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-062" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220420-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220420-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220420-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/12/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/12/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788", "reference_id": "2074788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074788" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805", "reference_id": "CVE-2021-31805", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31805" }, { "reference_url": 
"https://github.com/advisories/GHSA-v8j6-6c2r-r27c", "reference_id": "GHSA-v8j6-6c2r-r27c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8j6-6c2r-r27c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60334?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30" } ], "aliases": [ "CVE-2021-31805", "GHSA-v8j6-6c2r-r27c" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyrs-6kjh-3qfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10147?format=api", "vulnerability_id": "VCID-k6eu-y8xc-5kbj", "summary": "", "references": [ { "reference_url": "http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html" }, { "reference_url": "http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07545", "scoring_system": "epss", "scoring_elements": "0.91947", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7809" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7809" }, { "reference_url": "http://struts.apache.org/docs/s2-023.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-023.html" }, { "reference_url": "https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309" }, { "reference_url": "https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548" }, { "reference_url": "https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172133", "reference_id": "1172133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1172133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, 
{ "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-7809", "GHSA-h4v9-jf2r-9h6m" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6eu-y8xc-5kbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10002?format=api", "vulnerability_id": "VCID-knq3-w2wm-4uae", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" }, { "reference_url": "http://jvn.jp/en/jp/JVN19294237/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN19294237/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html" }, { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93134", "scoring_system": "epss", "scoring_elements": "0.99799", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0094" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f" }, { "reference_url": "https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "reference_url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073716", "reference_id": "1073716", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1073716" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0094", "reference_id": "CVE-2014-0094", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0094" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb", "reference_id": "CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb" }, { "reference_url": "https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb", "reference_id": "CVE-2014-0114;CVE-2014-0112;CVE-2014-0094", "reference_type": "exploit", "scores": [], "url": "https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb", "reference_id": "CVE-2014-0114;CVE-2014-0112;CVE-2014-0094", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb" }, { "reference_url": "https://github.com/advisories/GHSA-vrwc-qjmw-5rjm", "reference_id": "GHSA-vrwc-qjmw-5rjm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vrwc-qjmw-5rjm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50677?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { 
"vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" } ], "aliases": [ "CVE-2014-0094", "GHSA-vrwc-qjmw-5rjm" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knq3-w2wm-4uae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9996?format=api", "vulnerability_id": "VCID-mfq8-9cbx-qkau", "summary": "", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0391", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.87528", "scoring_system": "epss", "scoring_elements": "0.99477", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0391" }, { "reference_url": "http://secunia.com/advisories/47393", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/" } ], "url": "http://secunia.com/advisories/47393" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e" }, { "reference_url": "https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b" }, { "reference_url": "https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-3668", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/" } ], "url": "https://issues.apache.org/jira/browse/WW-3668" }, { "reference_url": "http://struts.apache.org/2.x/docs/s2-008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/" } ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "reference_url": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/" } ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391" }, { "reference_url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/" } ], "url": "https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "reference_url": "http://www.exploit-db.com/exploits/18329", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/" } ], "url": "http://www.exploit-db.com/exploits/18329" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=773159", "reference_id": "773159", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773159" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0391", "reference_id": "CVE-2012-0391", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0391" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb", "reference_id": "CVE-2012-0391;OSVDB-78277", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt", "reference_id": "CVE-2012-0394;CVE-2012-0393;CVE-2012-0392;CVE-2012-0391;OSVDB-78277;OSVDB-78276;OSVDB-78109;OSVDB-78108", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt" }, { "reference_url": "https://github.com/advisories/GHSA-4wrr-9h5r-m92w", "reference_id": "GHSA-4wrr-9h5r-m92w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4wrr-9h5r-m92w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50129?format=api", 
"purl": "pkg:maven/org.apache.struts/struts2-core@2.2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": 
"VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1" } ], "aliases": [ "CVE-2012-0391", "GHSA-4wrr-9h5r-m92w" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfq8-9cbx-qkau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9712?format=api", "vulnerability_id": "VCID-mw23-ujhz-a7cs", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.83013", "scoring_system": "epss", "scoring_elements": "0.99272", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2135" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-015", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-015" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e" }, { "reference_url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0" }, { "reference_url": 
"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f" }, { "reference_url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe" }, { "reference_url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3" }, { "reference_url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3" }, { "reference_url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37" }, { "reference_url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1" }, { "reference_url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4090", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4090" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4094" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4095", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4095" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-015.html" }, { "reference_url": "http://struts.apache.org/docs/s2-015.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-015.html" }, { 
"reference_url": "https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2135", "reference_id": "CVE-2013-2135", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2135" }, { "reference_url": "https://github.com/advisories/GHSA-pw8r-x2qm-3h5m", "reference_id": "GHSA-pw8r-x2qm-3h5m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pw8r-x2qm-3h5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50415?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { 
"vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3" } ], "aliases": [ "CVE-2013-2135", "GHSA-pw8r-x2qm-3h5m" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mw23-ujhz-a7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22068?format=api", "vulnerability_id": "VCID-mxqs-9njm-hbhq", "summary": "Apache Struts 2 is Missing XML Validation\nMissing XML Validation 
vulnerability in Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.1023", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68493" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-069", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-069" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/01/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/01/11/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559", "reference_id": "2428559", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428559" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493", "reference_id": "CVE-2025-68493", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68493" }, { "reference_url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7", "reference_id": "GHSA-qcfc-hmrc-59x7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcfc-hmrc-59x7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/111057?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5-BETA1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/72104?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1" } ], "aliases": [ "CVE-2025-68493", "GHSA-qcfc-hmrc-59x7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mxqs-9njm-hbhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14411?format=api", "vulnerability_id": "VCID-nb8f-hdtw-9fdk", "summary": "Improperly Controlled Modification of Dynamically-Determined Object Attributes\nApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html" }, { "reference_url": "http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93849", "scoring_system": "epss", "scoring_elements": "0.99875", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0230" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-059", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/ww/s2-059" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": 
"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672", "reference_id": "1869672", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869672" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py", "reference_id": "CVE-2019-0230", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230", "reference_id": "CVE-2019-0230", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0230" }, { "reference_url": "https://github.com/advisories/GHSA-wp4h-pvgw-5727", "reference_id": "GHSA-wp4h-pvgw-5727", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wp4h-pvgw-5727" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": 
"VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0230", "GHSA-wp4h-pvgw-5727" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nb8f-hdtw-9fdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/21799?format=api", "vulnerability_id": "VCID-nfn8-r3bb-kka7", "summary": "Apache Struts has a Denial of Service vulnerability\nDenial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00201", "scoring_system": "epss", "scoring_elements": "0.42101", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-66675" }, { "reference_url": "https://cve.org/CVERecord?id=CVE-2025-64775", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cve.org/CVERecord?id=CVE-2025-64775" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-068", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-068" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675", "reference_id": "CVE-2025-66675", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66675" }, { "reference_url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw", "reference_id": "GHSA-rg58-xhh7-mqjw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg58-xhh7-mqjw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71474?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/71475?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@7.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1" } ], "aliases": [ "CVE-2025-66675", "GHSA-rg58-xhh7-mqjw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfn8-r3bb-kka7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10428?format=api", "vulnerability_id": "VCID-nqwc-36ke-b3ff", "summary": "XSS via malicious action parameter\nMultiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to `actionNames.action` and `showConfig.action` in `config-browser/`.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02766", "scoring_system": "epss", "scoring_elements": "0.86282", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6348" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348" }, { "reference_url": "http://seclists.org/fulldisclosure/2013/Oct/244", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2013/Oct/244" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4213", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4213" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6348" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-6348" }, { "reference_url": "https://svn.apache.org/viewvc?view=revision&revision=1533354", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://svn.apache.org/viewvc?view=revision&revision=1533354" }, { "reference_url": "https://ubuntu.com/security/CVE-2013-6348", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ubuntu.com/security/CVE-2013-6348" }, { "reference_url": "https://github.com/advisories/GHSA-3g8j-jj54-3vjg", "reference_id": "GHSA-3g8j-jj54-3vjg", "reference_type": "", "scores": [], "url": 
"https://github.com/advisories/GHSA-3g8j-jj54-3vjg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51618?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16" } ], "aliases": [ "CVE-2013-6348", "GHSA-3g8j-jj54-3vjg" ], "risk_score": null, 
"exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nqwc-36ke-b3ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16549?format=api", "vulnerability_id": "VCID-pjsc-j2a1-7qdj", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) \" (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6682", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0143", "scoring_system": "epss", "scoring_elements": "0.80964", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-6682" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6" }, { "reference_url": "https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb" }, { "reference_url": 
"https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486" }, { "reference_url": "https://issues.apache.org/struts/browse/WW-2414", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/struts/browse/WW-2414" }, { "reference_url": "https://issues.apache.org/struts/browse/WW-2427", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/struts/browse/WW-2427" }, { "reference_url": "https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html" }, { "reference_url": "https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html" }, { "reference_url": 
"https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6682", "reference_id": "CVE-2008-6682", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6682" }, { "reference_url": "https://github.com/advisories/GHSA-jgcr-9c2q-rvp8", "reference_id": "GHSA-jgcr-9c2q-rvp8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jgcr-9c2q-rvp8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62276?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.0.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-4vrt-hdq4-7kc6" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-7pys-7ux7-fkfa" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dhnk-x3gc-z7hs" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { 
"vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mfq8-9cbx-qkau" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-x851-jd32-vbgb" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-y6zz-57nn-ubd1" }, { "vulnerability": "VCID-ytqw-ezfq-n7fz" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54224?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q92-5sz9-2kd3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.1" } ], "aliases": [ "CVE-2008-6682", "GHSA-jgcr-9c2q-rvp8" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjsc-j2a1-7qdj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9782?format=api", 
"vulnerability_id": "VCID-pjw9-sxen-b3cu", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17798", "scoring_system": "epss", "scoring_elements": "0.95244", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0785" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364" }, { "reference_url": "http://struts.apache.org/docs/s2-029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, 
{ "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/docs/s2-029.html" }, { "reference_url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066" }, { "reference_url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720", "reference_id": "1326720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1326720" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785", "reference_id": "CVE-2016-0785", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0785" }, { "reference_url": "https://github.com/advisories/GHSA-876p-4wgc-75rx", "reference_id": "GHSA-876p-4wgc-75rx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-876p-4wgc-75rx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51621?format=api", "purl": 
"pkg:maven/org.apache.struts/struts2-core@2.3.20.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51574?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.24.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, 
{ "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/51620?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.28", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28" } ], "aliases": [ "CVE-2016-0785", "GHSA-876p-4wgc-75rx" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pjw9-sxen-b3cu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9750?format=api", "vulnerability_id": "VCID-pmr8-6zz1-ryf2", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91789", "scoring_system": "epss", "scoring_elements": "0.99701", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1965" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=967655", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=967655" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56" }, { "reference_url": "http://struts.apache.org/development/2.x/docs/s2-012.html", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/development/2.x/docs/s2-012.html" }, { "reference_url": "http://struts.apache.org/docs/s2-012.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-012.html" }, { "reference_url": "https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082" }, { "reference_url": "http://www.securityfocus.com/bid/60082", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/60082" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1965", "reference_id": "CVE-2013-1965", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1965" }, { "reference_url": "https://github.com/advisories/GHSA-whmq-v94q-34p9", "reference_id": "GHSA-whmq-v94q-34p9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-whmq-v94q-34p9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50415?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.14.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": 
"VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3" } ], "aliases": [ "CVE-2013-1965", "GHSA-whmq-v94q-34p9" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmr8-6zz1-ryf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10310?format=api", "vulnerability_id": "VCID-pr67-cm26-w7hm", "summary": "CSRF protection bypass\nThe token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting 
the token name configuration parameter to a session attribute.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03235", "scoring_system": "epss", "scoring_elements": "0.87302", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4386" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78182", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78182" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-3858", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-3858" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4386", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4386" }, { "reference_url": "http://struts.apache.org/2.x/docs/s2-010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.x/docs/s2-010.html" }, { "reference_url": "http://struts.apache.org/docs/s2-010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-010.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/09/01/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/09/01/4" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2012/09/01/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/09/01/5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50192?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": 
"VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1" } ], "aliases": [ "CVE-2012-4386", "GHSA-2rvh-q539-q33v" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pr67-cm26-w7hm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10165?format=api", "vulnerability_id": "VCID-q9p6-sxpv-g7gp", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110" }, { "reference_url": "http://jvn.jp/en/jp/JVN07710476/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN07710476/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "0.62087", "scoring_system": "epss", "scoring_elements": "0.9837", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4438" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348238" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c" }, { "reference_url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d" }, { "reference_url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c" }, { "reference_url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b" }, { "reference_url": "https://struts.apache.org/docs/s2-037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-037.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438", "reference_id": "CVE-2016-4438", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4438" }, { 
"reference_url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr", "reference_id": "GHSA-4prj-vw9j-v6pr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4prj-vw9j-v6pr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51748?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29" } ], "aliases": [ "CVE-2016-4438", "GHSA-4prj-vw9j-v6pr" ], "risk_score": 0.3, "exploitability": "0.5", "weighted_severity": "0.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q9p6-sxpv-g7gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17800?format=api", "vulnerability_id": "VCID-rxsu-5hkz-ube8", "summary": "Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. 
This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20766", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-34149" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-063", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-063" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21" }, { "reference_url": 
"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_2_5_31" }, { "reference_url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/06/14/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/06/14/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149", "reference_id": "CVE-2023-34149", "reference_type": "", 
"scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34149" }, { "reference_url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc", "reference_id": "GHSA-8f6x-v685-g2xc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f6x-v685-g2xc" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230706-0005/", "reference_id": "ntap-20230706-0005", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230706-0005/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64296?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.31", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31" }, { "url": "http://public2.vulnerablecode.io/api/packages/64297?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.1.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1" } ], "aliases": [ 
"CVE-2023-34149", "GHSA-8f6x-v685-g2xc" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsu-5hkz-ube8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16396?format=api", "vulnerability_id": "VCID-sd6f-umkv-ffc2", "summary": "Improper Input Validation\nThe TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02195", "scoring_system": "epss", "scoring_elements": "0.84682", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3090" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20180629-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180629-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180629-0005/" }, { "reference_url": "https://struts.apache.org/docs/s2-027.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://struts.apache.org/docs/s2-027.html" }, { "reference_url": "https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131" }, { "reference_url": "https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3090", "reference_id": "CVE-2016-3090", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3090" }, { "reference_url": "https://github.com/advisories/GHSA-ggmp-fxfg-277r", "reference_id": "GHSA-ggmp-fxfg-277r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggmp-fxfg-277r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2016-3090", "GHSA-ggmp-fxfg-277r" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd6f-umkv-ffc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9736?format=api", "vulnerability_id": "VCID-sgb7-h4sp-dbgf", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91954", 
"scoring_system": "epss", "scoring_elements": "0.99712", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2248" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6" }, { "reference_url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-4140", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-4140" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2248", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2248" }, { "reference_url": "http://struts.apache.org/docs/s2-017.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-017.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-017.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt", "reference_id": "CVE-2013-2248;OSVDB-95406", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt" }, { "reference_url": "https://www.securityfocus.com/bid/61196/info", "reference_id": "CVE-2013-2248;OSVDB-95406", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/61196/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50419?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": 
"VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1" } ], "aliases": [ "CVE-2013-2248", "GHSA-rpj9-r897-wc6q" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgb7-h4sp-dbgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135659?format=api", "vulnerability_id": "VCID-t9vy-6y7q-e3ac", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0778", "scoring_system": "epss", "scoring_elements": "0.92087", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0233" }, { "reference_url": "https://cwiki.apache.org/confluence/display/ww/s2-060", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://cwiki.apache.org/confluence/display/ww/s2-060" }, { "reference_url": "https://launchpad.support.sap.com/#/notes/2982840", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.support.sap.com/#/notes/2982840" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0233" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869682", "reference_id": "1869682", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1869682" }, { "reference_url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm", "reference_id": "GHSA-ccp5-gg58-pxfm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ccp5-gg58-pxfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58678?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22" } ], "aliases": [ "CVE-2019-0233", "GHSA-ccp5-gg58-pxfm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9vy-6y7q-e3ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10118?format=api", "vulnerability_id": "VCID-ubk6-8mnk-bqet", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045" }, { "reference_url": "http://jvn.jp/en/jp/JVN19294237/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://jvn.jp/en/jp/JVN19294237/index.html" }, { "reference_url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0910" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91525", "scoring_system": "epss", "scoring_elements": "0.99685", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0112" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0112" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/50677?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { 
"vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0112", "GHSA-prjv-jj26-wf8h" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubk6-8mnk-bqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18992?format=api", "vulnerability_id": "VCID-uza5-qvgq-a3gm", "summary": "Files or Directories Accessible to External Parties\nAn attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file, which can be used to perform Remote Code Execution.\nUsers 
are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92896", "scoring_system": "epss", "scoring_elements": "0.99777", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50164" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-066", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-066" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163" }, { "reference_url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6" }, { "reference_url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231214-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20231214-0010" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/07/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938", "reference_id": "2253938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253938" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164", "reference_id": "CVE-2023-50164", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50164" }, { "reference_url": "https://github.com/advisories/GHSA-2j39-qcjm-428w", "reference_id": "GHSA-2j39-qcjm-428w", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j39-qcjm-428w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66888?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.5.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-vjz7-vh5w-aygh" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/66889?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@6.3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2" } ], "aliases": [ "CVE-2023-50164", "GHSA-2j39-qcjm-428w" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uza5-qvgq-a3gm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9763?format=api", "vulnerability_id": "VCID-x851-jd32-vbgb", "summary": "", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90286", "scoring_system": "epss", "scoring_elements": "0.99613", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0392" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": 
"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e" }, { "reference_url": "https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58" }, { "reference_url": "https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html" }, { "reference_url": "http://struts.apache.org/2.x/docs/s2-008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.x/docs/s2-008.html" }, { "reference_url": "http://struts.apache.org/2.x/docs/version-notes-2311.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.x/docs/version-notes-2311.html" }, { "reference_url": "https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt" }, { "reference_url": 
"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393" }, { "reference_url": "https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/" }, { "reference_url": "http://www.exploit-db.com/exploits/18329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.exploit-db.com/exploits/18329" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=773162", "reference_id": "773162", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=773162" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0392", "reference_id": "CVE-2012-0392", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0392" }, { "reference_url": "https://github.com/advisories/GHSA-2ppp-xj34-vvf7", "reference_id": "GHSA-2ppp-xj34-vvf7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2ppp-xj34-vvf7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50129?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { 
"vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1" } ], "aliases": [ "CVE-2012-0392", "GHSA-2ppp-xj34-vvf7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x851-jd32-vbgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10197?format=api", "vulnerability_id": "VCID-y65y-kv8s-q3ef", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4310", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08725", "scoring_system": "epss", "scoring_elements": "0.92624", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4310" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4310", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4310" }, { "reference_url": "http://struts.apache.org/docs/s2-018.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-018.html" }, { "reference_url": "http://struts.apache.org/release/2.3.x/docs/s2-018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/release/2.3.x/docs/s2-018.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013030", "reference_id": "1013030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50523?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.15.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { 
"vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3" } ], "aliases": [ "CVE-2013-4310", "GHSA-q5q8-jghf-3pm3" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y65y-kv8s-q3ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10092?format=api", "vulnerability_id": "VCID-y6zz-57nn-ubd1", "summary": "", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012" }, { "reference_url": "http://jvn.jp/en/jp/JVN79099262/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN79099262/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11109", "scoring_system": "epss", "scoring_elements": "0.93588", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0838" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": 
"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e" }, { "reference_url": "https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b" }, { "reference_url": "https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-3668", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-3668" }, { "reference_url": "http://struts.apache.org/2.3.1.2/docs/s2-007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.3.1.2/docs/s2-007.html" }, { "reference_url": "http://struts.apache.org/docs/s2-007.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-007.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799980", "reference_id": "799980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799980" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0838", "reference_id": "CVE-2012-0838", 
"reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0838" }, { "reference_url": "https://github.com/advisories/GHSA-mwrx-hx6x-3hhv", "reference_id": "GHSA-mwrx-hx6x-3hhv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mwrx-hx6x-3hhv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50129?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": 
"VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1" } ], "aliases": [ "CVE-2012-0838", "GHSA-mwrx-hx6x-3hhv" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6zz-57nn-ubd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10259?format=api", "vulnerability_id": "VCID-ytqw-ezfq-n7fz", "summary": "Multiple XSS flaws in XWork\nMultiple cross-site scripting (XSS) vulnerabilities in XWork allow remote attackers to inject arbitrary web script or HTML via vectors involving an action name, the action attribute of an `s:submit` element, or the method attribute of an `s:submit` element.", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106" }, { "reference_url": "http://jvn.jp/en/jp/JVN25435092/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://jvn.jp/en/jp/JVN25435092/index.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.59227", "scoring_system": "epss", "scoring_elements": "0.98269", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1772" }, { "reference_url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://issues.apache.org/jira/browse/WW-3579", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/WW-3579" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1772", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1772" }, { "reference_url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://struts.apache.org/2.2.3/docs/version-notes-223.html" }, { "reference_url": "http://struts.apache.org/2.x/docs/s2-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "http://struts.apache.org/2.x/docs/s2-006.html" }, { "reference_url": "http://struts.apache.org/docs/s2-006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-006.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=723827", "reference_id": "723827", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=723827" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt", "reference_id": "CVE-2011-1772;OSVDB-72238", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt" }, { "reference_url": "https://www.securityfocus.com/bid/47784/info", "reference_id": "CVE-2011-1772;OSVDB-72238", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/47784/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50097?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-1xze-jfs9-yyba" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-4vrt-hdq4-7kc6" }, { "vulnerability": "VCID-5h58-smn3-gkh7" }, { "vulnerability": "VCID-6b94-6fkt-afdu" }, { "vulnerability": "VCID-6f4g-r6bc-63fg" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-es18-pf68-h3de" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { 
"vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-gbqn-ywy3-d7cu" }, { "vulnerability": "VCID-hkhz-8ee5-57fm" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-knq3-w2wm-4uae" }, { "vulnerability": "VCID-mfq8-9cbx-qkau" }, { "vulnerability": "VCID-mw23-ujhz-a7cs" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-nqwc-36ke-b3ff" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-pmr8-6zz1-ryf2" }, { "vulnerability": "VCID-pr67-cm26-w7hm" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-sgb7-h4sp-dbgf" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-ubk6-8mnk-bqet" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-x851-jd32-vbgb" }, { "vulnerability": "VCID-y65y-kv8s-q3ef" }, { "vulnerability": "VCID-y6zz-57nn-ubd1" }, { "vulnerability": "VCID-zkdp-x1s4-jbbx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3" } ], "aliases": [ "CVE-2011-1772", "GHSA-56f8-g68r-j699" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytqw-ezfq-n7fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9930?format=api", "vulnerability_id": "VCID-zkdp-x1s4-jbbx", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.82455", "scoring_system": "epss", "scoring_elements": "0.99249", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0113" }, { "reference_url": "https://cwiki.apache.org/confluence/display/WW/S2-021", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "reference_url": "https://github.com/apache/struts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/struts" }, { "reference_url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0113" }, { "reference_url": "http://struts.apache.org/docs/s2-021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://struts.apache.org/docs/s2-021.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092201", "reference_id": "1092201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092201" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/50677?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.16.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-c5xy-yhrn-fqf2" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-dzkb-wjvw-qufb" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-huug-6mey-9fgz" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-k6eu-y8xc-5kbj" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-sd6f-umkv-ffc2" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2" 
}, { "url": "http://public2.vulnerablecode.io/api/packages/51012?format=api", "purl": "pkg:maven/org.apache.struts/struts2-core@2.3.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1tfj-xmkp-bbfr" }, { "vulnerability": "VCID-1xhe-mz8d-eyem" }, { "vulnerability": "VCID-2p29-qaqw-9fa9" }, { "vulnerability": "VCID-2qup-v76d-8bge" }, { "vulnerability": "VCID-3q92-5sz9-2kd3" }, { "vulnerability": "VCID-86yh-tym8-f3hh" }, { "vulnerability": "VCID-8huk-86a6-27cw" }, { "vulnerability": "VCID-8zze-44sk-audx" }, { "vulnerability": "VCID-aaet-jdfc-mbek" }, { "vulnerability": "VCID-b4nv-2pd9-pqdw" }, { "vulnerability": "VCID-ce3p-yaze-v7fy" }, { "vulnerability": "VCID-d7b9-rv1g-qkfp" }, { "vulnerability": "VCID-ee2d-r8vy-skhq" }, { "vulnerability": "VCID-ev69-3d1j-nuac" }, { "vulnerability": "VCID-f4kx-q41m-5qer" }, { "vulnerability": "VCID-fdat-drnp-yudv" }, { "vulnerability": "VCID-fmf4-k1py-g7fh" }, { "vulnerability": "VCID-h3mw-239q-cbgn" }, { "vulnerability": "VCID-hszd-513t-xucj" }, { "vulnerability": "VCID-jyrs-6kjh-3qfa" }, { "vulnerability": "VCID-mxqs-9njm-hbhq" }, { "vulnerability": "VCID-n7x9-wj56-a7gr" }, { "vulnerability": "VCID-nb8f-hdtw-9fdk" }, { "vulnerability": "VCID-nfn8-r3bb-kka7" }, { "vulnerability": "VCID-pjw9-sxen-b3cu" }, { "vulnerability": "VCID-q9p6-sxpv-g7gp" }, { "vulnerability": "VCID-rxsu-5hkz-ube8" }, { "vulnerability": "VCID-t9vy-6y7q-e3ac" }, { "vulnerability": "VCID-uza5-qvgq-a3gm" }, { "vulnerability": "VCID-vurd-7tee-e7a9" }, { "vulnerability": "VCID-ycjb-zszd-4ufy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20" } ], "aliases": [ "CVE-2014-0113", "GHSA-3c5c-xrq4-qhr8" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkdp-x1s4-jbbx" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.9" }