Search for packages
| purl | pkg:maven/org.apache.struts/struts2-core@2.3.23 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-579w-2k2v-efa2
Aliases: CVE-2017-12611 GHSA-8fx9-5hx8-crhm |
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. |
Affected by 13 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 14 other vulnerabilities. |
|
VCID-mdde-pa5h-w7g4
Aliases: CVE-2017-9804 GHSA-x5x7-3v85-wpc4 |
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672. |
Affected by 28 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:21.113818+00:00 | GitLab Importer | Affected by | VCID-mdde-pa5h-w7g4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2017-9804.yml | 38.0.0 |
| 2026-04-01T12:47:20.738349+00:00 | GitLab Importer | Affected by | VCID-579w-2k2v-efa2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2017-12611.yml | 38.0.0 |