Search for packages
| purl | pkg:maven/org.apache.struts/struts2-core@2.3.19 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-579w-2k2v-efa2
Aliases: CVE-2017-12611 GHSA-8fx9-5hx8-crhm |
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. |
Affected by 25 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-7fgd-jnfe-gkhp
Aliases: CVE-2016-3087 GHSA-mmj6-cjj4-hpr5 |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin. |
Affected by 25 other vulnerabilities. Affected by 24 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-czjh-bpfk-3yh6
Aliases: CVE-2016-3081 GHSA-8c6j-ffmf-q6vm |
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. |
Affected by 25 other vulnerabilities. Affected by 24 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-mdde-pa5h-w7g4
Aliases: CVE-2017-9804 GHSA-x5x7-3v85-wpc4 |
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672. |
Affected by 25 other vulnerabilities. Affected by 28 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-vgp6-jxqt-pbf4
Aliases: CVE-2016-4438 GHSA-4prj-vw9j-v6pr |
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression. |
Affected by 18 other vulnerabilities. |
|
VCID-y4qu-21c9-6fav
Aliases: CVE-2017-9787 GHSA-8mr5-h28g-36qx |
When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33. |
Affected by 15 other vulnerabilities. Affected by 14 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||