Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.struts/struts2-core@2.1.0
purl pkg:maven/org.apache.struts/struts2-core@2.1.0
Tags Ghost
Next non-vulnerable version 6.8.0
Latest non-vulnerable version 7.1.1
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-2rjv-1thm-dugt
Aliases:
CVE-2016-3082
GHSA-pvm9-288c-v5wq
XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.
2.3.20.3
Affected by 25 other vulnerabilities.
2.3.24.3
Affected by 24 other vulnerabilities.
2.3.28.1
Affected by 22 other vulnerabilities.
VCID-579w-2k2v-efa2
Aliases:
CVE-2017-12611
GHSA-8fx9-5hx8-crhm
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
2.3.20.3
Affected by 25 other vulnerabilities.
2.3.34
Affected by 13 other vulnerabilities.
2.5.10.1
Affected by 17 other vulnerabilities.
2.5.11
Affected by 0 other vulnerabilities.
2.5.12
Affected by 14 other vulnerabilities.
VCID-d8as-n8hc-j3fj
Aliases:
CVE-2008-6505
GHSA-wv7g-xhvw-8hcp
Apache Struts directory traversal vulnerability Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a `..%252f` (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
2.1.3
Affected by 0 other vulnerabilities.
2.1.6
Affected by 50 other vulnerabilities.
VCID-skbn-jggt-uffg
Aliases:
CVE-2008-6682
GHSA-jgcr-9c2q-rvp8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
2.1.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:53.582295+00:00 GHSA Importer Affected by VCID-skbn-jggt-uffg https://github.com/advisories/GHSA-jgcr-9c2q-rvp8 38.1.0
2026-04-04T14:31:53.512622+00:00 GHSA Importer Affected by VCID-d8as-n8hc-j3fj https://github.com/advisories/GHSA-wv7g-xhvw-8hcp 38.1.0
2026-04-03T21:26:02.467496+00:00 GitLab Importer Affected by VCID-d8as-n8hc-j3fj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2008-6505.yml 38.1.0
2026-04-01T12:50:42.173187+00:00 GitLab Importer Affected by VCID-skbn-jggt-uffg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2008-6682.yml 38.0.0
2026-04-01T12:47:20.698843+00:00 GitLab Importer Affected by VCID-579w-2k2v-efa2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2017-12611.yml 38.0.0
2026-04-01T12:47:02.800781+00:00 GitLab Importer Affected by VCID-2rjv-1thm-dugt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2016-3082.yml 38.0.0