Search for packages
| purl | pkg:maven/org.apache.struts/struts2-core@2.1.1 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bgbt-j1n9-6yg5
Aliases: CVE-2018-1327 GHSA-38cr-2ph5-frr9 |
The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16. |
Affected by 12 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:31:53.585900+00:00 | GHSA Importer | Fixing | VCID-skbn-jggt-uffg | https://github.com/advisories/GHSA-jgcr-9c2q-rvp8 | 38.1.0 |
| 2026-04-01T13:07:58.556714+00:00 | GithubOSV Importer | Fixing | VCID-skbn-jggt-uffg | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jgcr-9c2q-rvp8/GHSA-jgcr-9c2q-rvp8.json | 38.0.0 |
| 2026-04-01T12:50:42.179788+00:00 | GitLab Importer | Fixing | VCID-skbn-jggt-uffg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2008-6682.yml | 38.0.0 |
| 2026-04-01T12:47:38.110562+00:00 | GitLab Importer | Affected by | VCID-bgbt-j1n9-6yg5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2018-1327.yml | 38.0.0 |