| purl | pkg:maven/org.apache.struts/struts2-core@2.5.0 |
| Tags | Ghost |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-579w-2k2v-efa2; Aliases: CVE-2017-12611, GHSA-8fx9-5hx8-crhm | In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack. | Affected by 17 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 14 other vulnerabilities. |
| VCID-5qtg-djvn-97ht; Aliases: CVE-2016-8738, GHSA-86vq-8qhc-5rqw | In Apache Struts 2.5 through 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. | Affected by 18 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-74ab-1p1c-4qbd; Aliases: CVE-2016-6795, GHSA-44hv-jjx7-qfjg | In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. | Affected by 19 other vulnerabilities. |
| VCID-7c97-nj5a-hqb8; Aliases: CVE-2017-5638, GHSA-j77q-2qqg-6989 | | Affected by 17 other vulnerabilities. |
| VCID-j8jv-hzsy-nyec; Aliases: CVE-2025-64775, GHSA-xx7v-hqxh-cjr9 | Apache Struts is Vulnerable to DoS via File Leak. Denial of Service vulnerability in Apache Struts: a file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-mdde-pa5h-w7g4; Aliases: CVE-2017-9804, GHSA-x5x7-3v85-wpc4 | In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. NOTE: this vulnerability exists because of an incomplete fix for S2-047 / CVE-2017-7672. | Affected by 13 other vulnerabilities. |
| VCID-sf53-bgb2-7ue2; Aliases: CVE-2016-4465, GHSA-xg75-68x3-7p3q | The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. | Affected by 20 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-tgd1-s1yg-9fdt; Aliases: CVE-2025-68493, GHSA-qcfc-hmrc-59x7 | Apache Struts 2 is Missing XML Validation. Missing XML Validation vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue. | Affected by 5 other vulnerabilities. |
| VCID-y4qu-21c9-6fav; Aliases: CVE-2017-9787, GHSA-8mr5-h28g-36qx | When using Spring AOP functionality to secure Struts actions, it is possible to perform a DoS attack. The solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33. | Affected by 14 other vulnerabilities. |
| VCID-zkg1-bed6-bbfv; Aliases: CVE-2017-7672, GHSA-9gp7-jvm2-r4mx | If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL. The solution is to upgrade to Apache Struts version 2.5.12. | Affected by 14 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |