Search for packages
| purl | pkg:maven/org.apache.struts/struts-master@2.3.20 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-fwnu-d26u-pufq
Aliases: CVE-2016-4431 GHSA-vq79-mgpx-2wx4 |
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method. | There are no reported fixed by versions. |
|
VCID-js22-usgt-8qd9
Aliases: CVE-2016-4430 GHSA-38qw-j787-v8c2 |
Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors. | There are no reported fixed by versions. |
|
VCID-zc1y-ff37-nqat
Aliases: CVE-2016-4433 GHSA-wm8w-qp2f-728q |
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-03T21:26:01.531314+00:00 | GitLab Importer | Affected by | VCID-zc1y-ff37-nqat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts-master/CVE-2016-4433.yml | 38.1.0 |
| 2026-04-03T21:26:01.112436+00:00 | GitLab Importer | Affected by | VCID-fwnu-d26u-pufq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts-master/CVE-2016-4431.yml | 38.1.0 |
| 2026-04-03T21:25:58.779401+00:00 | GitLab Importer | Affected by | VCID-js22-usgt-8qd9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts-master/CVE-2016-4430.yml | 38.1.0 |