VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-parent@2.2.3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-tcaj-6bcg-k7g2 Aliases: CVE-2016-3090 GHSA-ggmp-fxfg-277r	Improper Input Validation The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.	2.3.20 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-tcaj-6bcg-k7g2
Aliases:
CVE-2016-3090
GHSA-ggmp-fxfg-277r

Improper Input Validation The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.

2.3.20
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-c4ag-2wfu-53ew	Apache Struts Multiple Cross-site Scripting Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to `struts2-showcase/person/editPerson.action`, or the (3) clientName parameter to `struts2-rest-showcase/orders`.	CVE-2012-1006 GHSA-cmpm-jg8r-fv37
VCID-nmgp-r7hb-5ke1	The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.	CVE-2012-0391 GHSA-4wrr-9h5r-m92w

Vulnerability

Summary

Aliases

VCID-c4ag-2wfu-53ew

Apache Struts Multiple Cross-site Scripting Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to `struts2-showcase/person/editPerson.action`, or the (3) clientName parameter to `struts2-rest-showcase/orders`.

CVE-2012-1006
GHSA-cmpm-jg8r-fv37

VCID-nmgp-r7hb-5ke1

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.

CVE-2012-0391
GHSA-4wrr-9h5r-m92w

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:53:40.654473+00:00	GitLab Importer	Fixing	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.4.0
2026-04-16T21:51:12.255925+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.4.0
2026-04-16T21:46:37.833847+00:00	GitLab Importer	Fixing	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.4.0
2026-04-11T23:09:06.949740+00:00	GitLab Importer	Fixing	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.3.0
2026-04-11T23:07:16.922582+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.3.0
2026-04-11T23:02:25.008191+00:00	GitLab Importer	Fixing	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.3.0
2026-04-04T14:31:15.117080+00:00	GHSA Importer	Fixing	VCID-c4ag-2wfu-53ew	https://github.com/advisories/GHSA-cmpm-jg8r-fv37	38.1.0
2026-04-02T23:17:48.887466+00:00	GitLab Importer	Fixing	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.1.0
2026-04-02T23:15:29.519797+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.1.0
2026-04-02T23:10:50.991618+00:00	GitLab Importer	Fixing	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.1.0
2026-04-01T17:38:03.040555+00:00	GitLab Importer	Fixing	VCID-c4ag-2wfu-53ew	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-1006.yml	38.0.0
2026-04-01T17:35:31.100216+00:00	GitLab Importer	Affected by	VCID-tcaj-6bcg-k7g2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2016-3090.yml	38.0.0
2026-04-01T13:10:47.017216+00:00	GithubOSV Importer	Fixing	VCID-c4ag-2wfu-53ew	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cmpm-jg8r-fv37/GHSA-cmpm-jg8r-fv37.json	38.0.0
2026-04-01T12:50:02.867213+00:00	GitLab Importer	Fixing	VCID-nmgp-r7hb-5ke1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-parent/CVE-2012-0391.yml	38.0.0