VulnerableCode Package Details - pkg:maven/org.apache.struts/struts-extras@1.3.9

Search for packages

Vulnerability	Summary	Fixed by
VCID-vk8c-a1za-w3cd Aliases: CVE-2025-54656 GHSA-cx25-xg7c-xfm5	Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-vk8c-a1za-w3cd
Aliases:
CVE-2025-54656
GHSA-cx25-xg7c-xfm5

Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability ** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:34:15.337202+00:00	GitLab Importer	Affected by	VCID-vk8c-a1za-w3cd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts-extras/CVE-2025-54656.yml	38.4.0
2026-04-12T00:54:22.418706+00:00	GitLab Importer	Affected by	VCID-vk8c-a1za-w3cd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts-extras/CVE-2025-54656.yml	38.3.0
2026-04-03T01:02:29.456371+00:00	GitLab Importer	Affected by	VCID-vk8c-a1za-w3cd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts-extras/CVE-2025-54656.yml	38.1.0