Search for packages
| purl | pkg:maven/org.apache.struts/struts2-core@2.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-j5su-cnqd-6yad
Aliases: CVE-2016-0785 GHSA-876p-4wgc-75rx |
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. |
Affected by 25 other vulnerabilities. Affected by 24 other vulnerabilities. Affected by 25 other vulnerabilities. |
|
VCID-tcaj-6bcg-k7g2
Aliases: CVE-2016-3090 GHSA-ggmp-fxfg-277r |
Improper Input Validation The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling. |
Affected by 31 other vulnerabilities. |
|
VCID-y5uq-a6dx-3yd4
Aliases: CVE-2012-1592 GHSA-8m5q-crqq-6pmf |
Unrestricted Upload of File with Dangerous Type A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. |
Affected by 8 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:00:23.510347+00:00 | GHSA Importer | Affected by | VCID-y5uq-a6dx-3yd4 | https://github.com/advisories/GHSA-8m5q-crqq-6pmf | 38.0.0 |
| 2026-04-01T12:50:34.514190+00:00 | GitLab Importer | Affected by | VCID-j5su-cnqd-6yad | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2016-0785.yml | 38.0.0 |
| 2026-04-01T12:50:32.708342+00:00 | GitLab Importer | Affected by | VCID-tcaj-6bcg-k7g2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2016-3090.yml | 38.0.0 |
| 2026-04-01T12:49:52.612534+00:00 | GitLab Importer | Affected by | VCID-y5uq-a6dx-3yd4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2012-1592.yml | 38.0.0 |