Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.struts/struts2-core@2.3.24.2
purl pkg:maven/org.apache.struts/struts2-core@2.3.24.2
Tags Ghost
Next non-vulnerable version 6.8.0
Latest non-vulnerable version 7.1.1
Risk 10.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-579w-2k2v-efa2
Aliases:
CVE-2017-12611
GHSA-8fx9-5hx8-crhm
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.
2.3.34
Affected by 13 other vulnerabilities.
2.5.10.1
Affected by 17 other vulnerabilities.
2.5.11
Affected by 0 other vulnerabilities.
2.5.12
Affected by 14 other vulnerabilities.
VCID-czjh-bpfk-3yh6
Aliases:
CVE-2016-3081
GHSA-8c6j-ffmf-q6vm
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.
2.3.24.3
Affected by 24 other vulnerabilities.
2.3.28.1
Affected by 22 other vulnerabilities.
VCID-mdde-pa5h-w7g4
Aliases:
CVE-2017-9804
GHSA-x5x7-3v85-wpc4
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672.
2.3.34
Affected by 13 other vulnerabilities.
2.5.13
Affected by 13 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:30:06.723206+00:00 GHSA Importer Affected by VCID-czjh-bpfk-3yh6 https://github.com/advisories/GHSA-8c6j-ffmf-q6vm 38.1.0
2026-04-01T12:47:21.115370+00:00 GitLab Importer Affected by VCID-mdde-pa5h-w7g4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2017-9804.yml 38.0.0
2026-04-01T12:47:20.740857+00:00 GitLab Importer Affected by VCID-579w-2k2v-efa2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-core/CVE-2017-12611.yml 38.0.0