Search for packages
| purl | pkg:maven/org.apache.struts/struts2-core@2.3.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-74ab-1p1c-4qbd
Aliases: CVE-2016-6795 GHSA-44hv-jjx7-qfjg |
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. |
Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
|
VCID-7c97-nj5a-hqb8
Aliases: CVE-2017-5638 GHSA-j77q-2qqg-6989 |
Affected by 16 other vulnerabilities. Affected by 17 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:57:02.484819+00:00 | GHSA Importer | Affected by | VCID-7c97-nj5a-hqb8 | https://github.com/advisories/GHSA-j77q-2qqg-6989 | 38.0.0 |
| 2026-04-01T12:50:29.921677+00:00 | GitLab Importer | Affected by | VCID-74ab-1p1c-4qbd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2016-6795.yml | 38.0.0 |
| 2026-04-01T12:48:05.712972+00:00 | GitLab Importer | Affected by | VCID-7c97-nj5a-hqb8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2017-5638.yml | 38.0.0 |