Package details: pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29
purl pkg:maven/org.apache.struts.xwork/xwork-core@2.3.29
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-tgd1-s1yg-9fdt
Aliases:
CVE-2025-68493
GHSA-qcfc-hmrc-59x7
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.
Fixed by: There are no reported fixed by versions.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-js22-usgt-8qd9
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.
Aliases: CVE-2016-4430, GHSA-38qw-j787-v8c2
VCID-zc1y-ff37-nqat
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
Aliases: CVE-2016-4433, GHSA-wm8w-qp2f-728q

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-17T00:07:16.337682+00:00 GitLab Importer Affected by VCID-tgd1-s1yg-9fdt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2025-68493.yml 38.4.0
2026-04-16T21:54:42.790294+00:00 GitLab Importer Fixing VCID-zc1y-ff37-nqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4433.yml 38.4.0
2026-04-16T21:53:37.869113+00:00 GitLab Importer Fixing VCID-js22-usgt-8qd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4430.yml 38.4.0
2026-04-12T01:30:42.604479+00:00 GitLab Importer Affected by VCID-tgd1-s1yg-9fdt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2025-68493.yml 38.3.0
2026-04-11T23:10:01.065578+00:00 GitLab Importer Fixing VCID-zc1y-ff37-nqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4433.yml 38.3.0
2026-04-11T23:09:05.090942+00:00 GitLab Importer Fixing VCID-js22-usgt-8qd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4430.yml 38.3.0
2026-04-04T14:31:17.862815+00:00 GHSA Importer Fixing VCID-zc1y-ff37-nqat https://github.com/advisories/GHSA-wm8w-qp2f-728q 38.1.0
2026-04-04T14:31:07.240063+00:00 GHSA Importer Fixing VCID-js22-usgt-8qd9 https://github.com/advisories/GHSA-38qw-j787-v8c2 38.1.0
2026-04-03T01:39:32.045175+00:00 GitLab Importer Affected by VCID-tgd1-s1yg-9fdt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2025-68493.yml 38.1.0
2026-04-02T23:18:45.242277+00:00 GitLab Importer Fixing VCID-zc1y-ff37-nqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4433.yml 38.1.0
2026-04-02T23:17:46.701585+00:00 GitLab Importer Fixing VCID-js22-usgt-8qd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4430.yml 38.1.0
2026-04-01T17:39:06.745908+00:00 GitLab Importer Fixing VCID-zc1y-ff37-nqat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4433.yml 38.0.0
2026-04-01T17:38:00.315350+00:00 GitLab Importer Fixing VCID-js22-usgt-8qd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts.xwork/xwork-core/CVE-2016-4430.yml 38.0.0
2026-04-01T13:11:45.087691+00:00 GithubOSV Importer Fixing VCID-zc1y-ff37-nqat https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wm8w-qp2f-728q/GHSA-wm8w-qp2f-728q.json 38.0.0
2026-04-01T13:08:40.933718+00:00 GithubOSV Importer Fixing VCID-js22-usgt-8qd9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-38qw-j787-v8c2/GHSA-38qw-j787-v8c2.json 38.0.0