VulnerableCode Package Details - pkg:maven/com.opensymphony/xwork@2.0.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-tgd1-s1yg-9fdt Aliases: CVE-2025-68493 GHSA-qcfc-hmrc-59x7	Apache Struts 2 is Missing XML Validation Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-tgd1-s1yg-9fdt
Aliases:
CVE-2025-68493
GHSA-qcfc-hmrc-59x7

Apache Struts 2 is Missing XML Validation Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
VCID-u5zn-2jp1-97h2	Improper Input Validation Remote attackers could execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a `#` representation for the `#` character.	CVE-2008-6504 GHSA-wxw2-2mx5-c5qf

Vulnerability

Summary

Aliases

VCID-u5zn-2jp1-97h2

Improper Input Validation Remote attackers could execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a `#` representation for the `#` character.

CVE-2008-6504
GHSA-wxw2-2mx5-c5qf

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:07:16.479178+00:00	GitLab Importer	Affected by	VCID-tgd1-s1yg-9fdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.opensymphony/xwork/CVE-2025-68493.yml	38.4.0
2026-04-16T20:29:50.483412+00:00	GitLab Importer	Fixing	VCID-u5zn-2jp1-97h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.opensymphony/xwork/CVE-2008-6504.yml	38.4.0
2026-04-12T01:30:42.750583+00:00	GitLab Importer	Affected by	VCID-tgd1-s1yg-9fdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.opensymphony/xwork/CVE-2025-68493.yml	38.3.0
2026-04-11T21:40:22.896136+00:00	GitLab Importer	Fixing	VCID-u5zn-2jp1-97h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.opensymphony/xwork/CVE-2008-6504.yml	38.3.0
2026-04-04T14:31:17.021920+00:00	GHSA Importer	Fixing	VCID-u5zn-2jp1-97h2	https://github.com/advisories/GHSA-wxw2-2mx5-c5qf	38.1.0
2026-04-03T01:39:32.399702+00:00	GitLab Importer	Affected by	VCID-tgd1-s1yg-9fdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.opensymphony/xwork/CVE-2025-68493.yml	38.1.0
2026-04-02T21:54:24.082747+00:00	GitLab Importer	Fixing	VCID-u5zn-2jp1-97h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.opensymphony/xwork/CVE-2008-6504.yml	38.1.0
2026-04-01T13:10:54.615593+00:00	GithubOSV Importer	Fixing	VCID-u5zn-2jp1-97h2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wxw2-2mx5-c5qf/GHSA-wxw2-2mx5-c5qf.json	38.0.0
2026-04-01T12:46:45.588815+00:00	GitLab Importer	Fixing	VCID-u5zn-2jp1-97h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.opensymphony/xwork/CVE-2008-6504.yml	38.0.0