VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.0

Essentials
History (1)

purl	pkg:maven/org.apache.struts/struts2-convention-plugin@2.3.0
Tags	Ghost

Next non-vulnerable version	2.5.33
Latest non-vulnerable version	6.3.0.2
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-74ab-1p1c-4qbd Aliases: CVE-2016-6795 GHSA-44hv-jjx7-qfjg	In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.	2.3.31 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.5 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-74ab-1p1c-4qbd
Aliases:
CVE-2016-6795
GHSA-44hv-jjx7-qfjg

In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.

2.3.31
Affected by 4 other vulnerabilities.

2.5.5
Affected by 4 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:30:06.498811+00:00	GHSA Importer	Affected by	VCID-74ab-1p1c-4qbd	https://github.com/advisories/GHSA-44hv-jjx7-qfjg	38.1.0