Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-u5zn-2jp1-97h2

Summary

Improper Input Validation
Remote attackers could execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a `#` representation for the `#` character.

Aliases

alias	CVE-2008-6504

alias	GHSA-wxw2-2mx5-c5qf

Fixed_packages

url pkg:maven/com.opensymphony/xwork@2.0.6

purl pkg:maven/com.opensymphony/xwork@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.0.6

url pkg:maven/com.opensymphony/xwork@2.1.2-SNAPSHOT

purl pkg:maven/com.opensymphony/xwork@2.1.2-SNAPSHOT

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.1.2-SNAPSHOT

url pkg:maven/com.opensymphony/xwork@2.1.2

purl pkg:maven/com.opensymphony/xwork@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.1.2

url	pkg:maven/org.apache.jackrabbit/oak-core@1.0.0
purl	pkg:maven/org.apache.jackrabbit/oak-core@1.0.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@1.0.0

Affected_packages

url pkg:maven/com.opensymphony/xwork@2.0-alpha0

purl pkg:maven/com.opensymphony/xwork@2.0-alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.0-alpha0

url pkg:maven/com.opensymphony/xwork@2.0.4

purl pkg:maven/com.opensymphony/xwork@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.0.4

url pkg:maven/com.opensymphony/xwork@2.0.5-SNAPSHOT

purl pkg:maven/com.opensymphony/xwork@2.0.5-SNAPSHOT

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.0.5-SNAPSHOT

url pkg:maven/com.opensymphony/xwork@2.0.5

purl pkg:maven/com.opensymphony/xwork@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.0.5

url pkg:maven/com.opensymphony/xwork@2.1-alpha0

purl pkg:maven/com.opensymphony/xwork@2.1-alpha0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.1-alpha0

url pkg:maven/com.opensymphony/xwork@2.1.0

purl pkg:maven/com.opensymphony/xwork@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.1.0

url pkg:maven/com.opensymphony/xwork@2.1.1-SNAPSHOT

purl pkg:maven/com.opensymphony/xwork@2.1.1-SNAPSHOT

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.1.1-SNAPSHOT

url pkg:maven/com.opensymphony/xwork@2.1.1

purl pkg:maven/com.opensymphony/xwork@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-tgd1-s1yg-9fdt

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.opensymphony/xwork@2.1.1

url pkg:maven/org.apache.jackrabbit/oak-core@0.5

purl pkg:maven/org.apache.jackrabbit/oak-core@0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.5

url pkg:maven/org.apache.jackrabbit/oak-core@0.6

purl pkg:maven/org.apache.jackrabbit/oak-core@0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.6

url pkg:maven/org.apache.jackrabbit/oak-core@0.7

purl pkg:maven/org.apache.jackrabbit/oak-core@0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.7

url pkg:maven/org.apache.jackrabbit/oak-core@0.8

purl pkg:maven/org.apache.jackrabbit/oak-core@0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.8

url pkg:maven/org.apache.jackrabbit/oak-core@0.9

purl pkg:maven/org.apache.jackrabbit/oak-core@0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.9

url pkg:maven/org.apache.jackrabbit/oak-core@0.10

purl pkg:maven/org.apache.jackrabbit/oak-core@0.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.10

url pkg:maven/org.apache.jackrabbit/oak-core@0.11

purl pkg:maven/org.apache.jackrabbit/oak-core@0.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.11

url pkg:maven/org.apache.jackrabbit/oak-core@0.12

purl pkg:maven/org.apache.jackrabbit/oak-core@0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.12

url pkg:maven/org.apache.jackrabbit/oak-core@0.13

purl pkg:maven/org.apache.jackrabbit/oak-core@0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.13

url pkg:maven/org.apache.jackrabbit/oak-core@0.14

purl pkg:maven/org.apache.jackrabbit/oak-core@0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.14

url pkg:maven/org.apache.jackrabbit/oak-core@0.15

purl pkg:maven/org.apache.jackrabbit/oak-core@0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.15

url pkg:maven/org.apache.jackrabbit/oak-core@0.16

purl pkg:maven/org.apache.jackrabbit/oak-core@0.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.16

url pkg:maven/org.apache.jackrabbit/oak-core@0.17.1

purl pkg:maven/org.apache.jackrabbit/oak-core@0.17.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.17.1

url pkg:maven/org.apache.jackrabbit/oak-core@0.18

purl pkg:maven/org.apache.jackrabbit/oak-core@0.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.18

url pkg:maven/org.apache.jackrabbit/oak-core@0.19

purl pkg:maven/org.apache.jackrabbit/oak-core@0.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.19

url pkg:maven/org.apache.jackrabbit/oak-core@0.20.0

purl pkg:maven/org.apache.jackrabbit/oak-core@0.20.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u5zn-2jp1-97h2

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.jackrabbit/oak-core@0.20.0

References

reference_url

http://fisheye6.atlassian.com/cru/CR-9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://fisheye6.atlassian.com/cru/CR-9

reference_url	http://fisheye6.atlassian.com/cru/CR-9/
reference_id
reference_type
scores
url	http://fisheye6.atlassian.com/cru/CR-9/

reference_url

http://issues.apache.org/struts/browse/WW-2692

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://issues.apache.org/struts/browse/WW-2692

reference_url

http://jira.opensymphony.com/browse/XW-641

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://jira.opensymphony.com/browse/XW-641

reference_url	http://osvdb.org/49732
reference_id
reference_type
scores
url	http://osvdb.org/49732

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-6504.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-6504.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-6504

reference_id

reference_type

scores

value	0.65118
scoring_system	epss
scoring_elements	0.98486
published_at	2026-04-21T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98465
published_at	2026-04-01T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98467
published_at	2026-04-02T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.9847
published_at	2026-04-04T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98471
published_at	2026-04-07T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98475
published_at	2026-04-08T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98476
published_at	2026-04-09T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98479
published_at	2026-04-11T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98478
published_at	2026-04-13T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98484
published_at	2026-04-16T12:55:00Z

value	0.65118
scoring_system	epss
scoring_elements	0.98485
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-6504

reference_url

http://secunia.com/advisories/32495

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/32495

reference_url

http://secunia.com/advisories/32497

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/32497

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/46328

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/46328

reference_url	https://fisheye6.atlassian.com/cru/CR-9/#CFR-8
reference_id
reference_type
scores
url	https://fisheye6.atlassian.com/cru/CR-9/#CFR-8

reference_url	https://issues.apache.org/jira/browse/WW-2692
reference_id
reference_type
scores
url	https://issues.apache.org/jira/browse/WW-2692

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-6504

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-6504

reference_url

http://struts.apache.org/2.x/docs/s2-003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://struts.apache.org/2.x/docs/s2-003.html

reference_url	http://struts.apache.org/release/2.2.x/docs/s2-003.html
reference_id
reference_type
scores
url	http://struts.apache.org/release/2.2.x/docs/s2-003.html

reference_url

http://web.archive.org/web/20081119232431/jira.opensymphony.com/browse/XW-641

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://web.archive.org/web/20081119232431/jira.opensymphony.com/browse/XW-641

reference_url	http://web.archive.org/web/20111023074138/http://jira.opensymphony.com/browse/XW-641
reference_id
reference_type
scores
url	http://web.archive.org/web/20111023074138/http://jira.opensymphony.com/browse/XW-641

reference_url

http://web.archive.org/web/20130807023152/https://fisheye6.atlassian.com/cru/CR-9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://web.archive.org/web/20130807023152/https://fisheye6.atlassian.com/cru/CR-9

reference_url	http://web.archive.org/web/20130807023152/https://fisheye6.atlassian.com/cru/CR-9/
reference_id
reference_type
scores
url	http://web.archive.org/web/20130807023152/https://fisheye6.atlassian.com/cru/CR-9/

reference_url

http://www.securityfocus.com/bid/32101

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/32101

reference_url

http://www.vupen.com/english/advisories/2008/3003

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2008/3003

reference_url

http://www.vupen.com/english/advisories/2008/3004

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2008/3004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1123726
reference_id	1123726
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1123726

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.11.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_id	cpe:2.3:a:apache:struts:2.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.0:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.1:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.2:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.3:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.4:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.5:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.1.0:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.1.1:::::::*
reference_id	cpe:2.3:a:opensymphony:xwork:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:2.1.1:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32564.txt
reference_id	CVE-2008-6504;OSVDB-49732
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32564.txt

reference_url	https://www.securityfocus.com/bid/32101/info
reference_id	CVE-2008-6504;OSVDB-49732
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/32101/info

reference_url

https://github.com/advisories/GHSA-wxw2-2mx5-c5qf

reference_id

GHSA-wxw2-2mx5-c5qf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wxw2-2mx5-c5qf

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

date_added	2008-11-04
description	XWork < 2.0.11.2 - 'ParameterInterceptor' Class OGNL Security Bypass
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`true`
source_date_published	2008-11-04
exploit_type	remote
platform	multiple
source_date_updated	2014-03-28
data_source	Exploit-DB
source_url	https://www.securityfocus.com/bid/32101/info

Severity_range_score 4.0 - 6.9

Exploitability 2.0

Weighted_severity 6.2

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5zn-2jp1-97h2

Vulnerability Instance