{"url":"http://public2.vulnerablecode.io/api/packages/22231?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.1.8","type":"maven","namespace":"org.apache.struts","name":"struts2-core","version":"2.1.8","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.8.0","latest_non_vulnerable_version":"7.1.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8109?format=json","vulnerability_id":"VCID-2chz-36wn-9fcv","summary":"Manipulation of Struts internals\nThis package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5209","reference_id":"","reference_type":"","scores":[{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80254","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80167","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80178","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80169","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80197","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80198","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80229","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80238","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80138","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02387","scoring_system":"epss","scoring_elements":"0.84935","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02387","scoring_system":"epss","scoring_elements":"0.84967","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02387","scoring_system":"epss","scoring_elements":"0.84949","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5209"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5209","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5209"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0002/"},{"reference_url":"https://struts.apache.org/docs/s2-026.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-026.html"},{"reference_url":"https://github.com/advisories/GHSA-4qgj-9mvg-3929","reference_id":"GHSA-4qgj-9mvg-3929","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qgj-9mvg-3929"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22083?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1"}],"aliases":["CVE-2015-5209","GHSA-4qgj-9mvg-3929"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2chz-36wn-9fcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5021?format=json","vulnerability_id":"VCID-2rjv-1thm-dugt","summary":"XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3082","reference_id":"","reference_type":"","scores":[{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.9615","published_at":"2026-04-29T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96125","published_at":"2026-04-08T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96129","published_at":"2026-04-09T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96131","published_at":"2026-04-11T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.9613","published_at":"2026-04-12T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96132","published_at":"2026-04-13T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96141","published_at":"2026-04-16T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96146","published_at":"2026-04-18T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96147","published_at":"2026-04-21T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96149","published_at":"2026-04-26T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96095","published_at":"2026-04-01T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96115","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3082"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f"},{"reference_url":"http://struts.apache.org/docs/s2-031.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-031.html"},{"reference_url":"http://www.securityfocus.com/bid/88826","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/88826"},{"reference_url":"http://www.securitytracker.com/id/1035664","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035664"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3082","reference_id":"CVE-2016-3082","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3082"},{"reference_url":"https://github.com/advisories/GHSA-pvm9-288c-v5wq","reference_id":"GHSA-pvm9-288c-v5wq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvm9-288c-v5wq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22262?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22085?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22265?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1"}],"aliases":["CVE-2016-3082","GHSA-pvm9-288c-v5wq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2rjv-1thm-dugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5076?format=json","vulnerability_id":"VCID-2v7h-fght-cugn","summary":"Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.","references":[{"reference_url":"http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html","reference_id":"","reference_type":"","scores":[],"url":"http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html"},{"reference_url":"http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7809","reference_id":"","reference_type":"","scores":[{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91844","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91839","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91845","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91824","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91828","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91781","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91823","published_at":"2026-04-09T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.9179","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91804","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91795","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7809"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7809","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7809"},{"reference_url":"http://struts.apache.org/docs/s2-023.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-023.html"},{"reference_url":"https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309"},{"reference_url":"https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548"},{"reference_url":"https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.securityfocus.com/archive/1/534175/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/534175/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/71548","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/71548"},{"reference_url":"http://www.securitytracker.com/id/1031309","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031309"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172133","reference_id":"1172133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172133"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-h4v9-jf2r-9h6m","reference_id":"GHSA-h4v9-jf2r-9h6m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4v9-jf2r-9h6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20924?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-7809","GHSA-h4v9-jf2r-9h6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2v7h-fght-cugn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11671?format=json","vulnerability_id":"VCID-3yq7-n972-j7dh","summary":"Improperly Controlled Modification of Dynamically-Determined Object Attributes\nApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.","references":[{"reference_url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html"},{"reference_url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0230","reference_id":"","reference_type":"","scores":[{"value":"0.93727","scoring_system":"epss","scoring_elements":"0.9985","published_at":"2026-04-08T12:55:00Z"},{"value":"0.93727","scoring_system":"epss","scoring_elements":"0.99849","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93727","scoring_system":"epss","scoring_elements":"0.99848","published_at":"2026-04-01T12:55:00Z"},{"value":"0.93727","scoring_system":"epss","scoring_elements":"0.99851","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93727","scoring_system":"epss","scoring_elements":"0.99852","published_at":"2026-04-16T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99867","published_at":"2026-04-24T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99868","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0230"},{"reference_url":"https://cwiki.apache.org/confluence/display/ww/s2-059","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/ww/s2-059"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2982840","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.support.sap.com/#/notes/2982840"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869672","reference_id":"1869672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869672"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py","reference_id":"CVE-2019-0230","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230","reference_id":"CVE-2019-0230","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230"},{"reference_url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727","reference_id":"GHSA-wp4h-pvgw-5727","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41963?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2019-0230","GHSA-wp4h-pvgw-5727"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3yq7-n972-j7dh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5004?format=json","vulnerability_id":"VCID-4agy-6nsx-7ufh","summary":"Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3093","reference_id":"","reference_type":"","scores":[{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.8977","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89815","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89816","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89801","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89807","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89806","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89791","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89798","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.8975","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.898","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89793","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89753","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89768","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3093"},{"reference_url":"https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92"},{"reference_url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"},{"reference_url":"https://struts.apache.org/docs/s2-034.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-034.html"},{"reference_url":"http://struts.apache.org/docs/s2-034.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-034.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854"},{"reference_url":"http://www.securityfocus.com/bid/90961","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/90961"},{"reference_url":"http://www.securitytracker.com/id/1036018","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036018"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341677","reference_id":"1341677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341677"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ognl_project:ognl:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3093","reference_id":"CVE-2016-3093","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3093"},{"reference_url":"https://github.com/advisories/GHSA-383p-xqxx-rrmp","reference_id":"GHSA-383p-xqxx-rrmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-383p-xqxx-rrmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22085?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"}],"aliases":["CVE-2016-3093","GHSA-383p-xqxx-rrmp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4agy-6nsx-7ufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4664?format=json","vulnerability_id":"VCID-579w-2k2v-efa2","summary":"In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611","reference_id":"","reference_type":"","scores":[{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99929","published_at":"2026-04-29T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99928","published_at":"2026-04-26T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99927","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99926","published_at":"2026-04-18T12:55:00Z"},{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99925","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa"},{"reference_url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f"},{"reference_url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"},{"reference_url":"https://struts.apache.org/docs/s2-053.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-053.html"},{"reference_url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"reference_url":"http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478","reference_id":"1489478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.5:beta3:*:*:*:*:*:*"},{"reference_url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611","reference_id":"CVE-2017-12611","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611"},{"reference_url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm","reference_id":"GHSA-8fx9-5hx8-crhm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22262?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/24695?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34"},{"url":"http://public2.vulnerablecode.io/api/packages/24323?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zkg1-bed6-bbfv"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/77954?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/24325?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12"}],"aliases":["CVE-2017-12611","GHSA-8fx9-5hx8-crhm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-579w-2k2v-efa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4582?format=json","vulnerability_id":"VCID-6241-shkt-s7ew","summary":"Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2134","reference_id":"","reference_type":"","scores":[{"value":"0.91526","scoring_system":"epss","scoring_elements":"0.99671","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91526","scoring_system":"epss","scoring_elements":"0.99677","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91526","scoring_system":"epss","scoring_elements":"0.99675","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91526","scoring_system":"epss","scoring_elements":"0.99674","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91526","scoring_system":"epss","scoring_elements":"0.99673","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91526","scoring_system":"epss","scoring_elements":"0.99672","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92052","scoring_system":"epss","scoring_elements":"0.99699","published_at":"2026-04-02T12:55:00Z"},{"value":"0.92052","scoring_system":"epss","scoring_elements":"0.99701","published_at":"2026-04-07T12:55:00Z"},{"value":"0.92052","scoring_system":"epss","scoring_elements":"0.997","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2134"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-015","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-015"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201409-04.xml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201409-04.xml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0"},{"reference_url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f"},{"reference_url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3"},{"reference_url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4090","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4090"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4094","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4094"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4095","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4095"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-015.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-015.html"},{"reference_url":"http://struts.apache.org/docs/s2-015.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-015.html"},{"reference_url":"https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346"},{"reference_url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"},{"reference_url":"http://www.securityfocus.com/bid/60346","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60346"},{"reference_url":"http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64758"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2134","reference_id":"CVE-2013-2134","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2134"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt","reference_id":"CVE-2013-2134;OSVDB-93969","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt"},{"reference_url":"https://www.securityfocus.com/bid/60345/info","reference_id":"CVE-2013-2134;OSVDB-93969","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/60345/info"},{"reference_url":"https://github.com/advisories/GHSA-gqqm-564f-vvxq","reference_id":"GHSA-gqqm-564f-vvxq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gqqm-564f-vvxq"},{"reference_url":"https://security.gentoo.org/glsa/201409-04","reference_id":"GLSA-201409-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201409-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20324?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-2134","GHSA-gqqm-564f-vvxq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6241-shkt-s7ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4609?format=json","vulnerability_id":"VCID-6hrc-fm64-ckhf","summary":"Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2162","reference_id":"","reference_type":"","scores":[{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.7916","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79171","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79185","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79286","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79269","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79263","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79227","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.7923","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79213","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79228","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79204","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79196","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java"},{"reference_url":"https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2162","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2162"},{"reference_url":"http://struts.apache.org/docs/s2-030.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-030.html"},{"reference_url":"https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070"},{"reference_url":"https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272"},{"reference_url":"http://www.securityfocus.com/bid/85070","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/85070"},{"reference_url":"http://www.securitytracker.com/id/1035272","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035272"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326724","reference_id":"1326724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326724"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2_beta:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-2j4q-9fff-236j","reference_id":"GHSA-2j4q-9fff-236j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j4q-9fff-236j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22241?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-2162","GHSA-2j4q-9fff-236j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hrc-fm64-ckhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5126?format=json","vulnerability_id":"VCID-6t1x-s2k2-b7bq","summary":"Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4310","reference_id":"","reference_type":"","scores":[{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92509","published_at":"2026-04-29T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92507","published_at":"2026-04-16T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92506","published_at":"2026-04-18T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.9251","published_at":"2026-04-21T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92512","published_at":"2026-04-24T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92513","published_at":"2026-04-26T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92456","published_at":"2026-04-01T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92462","published_at":"2026-04-02T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92474","published_at":"2026-04-07T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92485","published_at":"2026-04-08T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.9249","published_at":"2026-04-09T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92496","published_at":"2026-04-13T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92498","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4310"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4310","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4310"},{"reference_url":"http://struts.apache.org/docs/s2-018.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-018.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-018.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-018.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013030","reference_id":"1013030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013030"},{"reference_url":"https://github.com/advisories/GHSA-q5q8-jghf-3pm3","reference_id":"GHSA-q5q8-jghf-3pm3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5q8-jghf-3pm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20432?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3"}],"aliases":["CVE-2013-4310","GHSA-q5q8-jghf-3pm3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t1x-s2k2-b7bq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4579?format=json","vulnerability_id":"VCID-759g-hsfg-97f8","summary":"Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2248","reference_id":"","reference_type":"","scores":[{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99703","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99694","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99695","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99696","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99697","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99698","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.997","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99702","published_at":"2026-04-26T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2248"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6"},{"reference_url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4140","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4140"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2248","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2248"},{"reference_url":"http://struts.apache.org/docs/s2-017.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-017.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-017.html"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"},{"reference_url":"http://www.securityfocus.com/bid/61196","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/61196"},{"reference_url":"http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64758"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt","reference_id":"CVE-2013-2248;OSVDB-95406","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt"},{"reference_url":"https://www.securityfocus.com/bid/61196/info","reference_id":"CVE-2013-2248;OSVDB-95406","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/61196/info"},{"reference_url":"https://github.com/advisories/GHSA-rpj9-r897-wc6q","reference_id":"GHSA-rpj9-r897-wc6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rpj9-r897-wc6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20328?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1"}],"aliases":["CVE-2013-2248","GHSA-rpj9-r897-wc6q"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-759g-hsfg-97f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12554?format=json","vulnerability_id":"VCID-79j9-v8gz-rfax","summary":"Remote code execution in Apache Struts\nForced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN43969166/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://jvn.jp/en/jp/JVN43969166/index.html"},{"reference_url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17530","reference_id":"","reference_type":"","scores":[{"value":"0.94376","scoring_system":"epss","scoring_elements":"0.99967","published_at":"2026-04-13T12:55:00Z"},{"value":"0.94376","scoring_system":"epss","scoring_elements":"0.99966","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94376","scoring_system":"epss","scoring_elements":"0.99968","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17530"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-061","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-061"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210115-0005"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/12/6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/04/12/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905645","reference_id":"1905645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905645"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17530","reference_id":"CVE-2020-17530","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17530"},{"reference_url":"https://github.com/advisories/GHSA-jc35-q369-45pv","reference_id":"GHSA-jc35-q369-45pv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc35-q369-45pv"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0005/","reference_id":"ntap-20210115-0005","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210115-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44976?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26"}],"aliases":["CVE-2020-17530","GHSA-jc35-q369-45pv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-79j9-v8gz-rfax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14756?format=json","vulnerability_id":"VCID-87fh-rvvb-6ubq","summary":"Apache Struts file upload logic is flawed\nFile upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\n\nThis issue affects Apache Struts: from 2.0.0 before 6.4.0.\n\nUsers are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload. If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.\n\nYou can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067 .","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"0.91785","scoring_system":"epss","scoring_elements":"0.99684","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91785","scoring_system":"epss","scoring_elements":"0.99685","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91785","scoring_system":"epss","scoring_elements":"0.99686","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93053","scoring_system":"epss","scoring_elements":"0.99791","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93053","scoring_system":"epss","scoring_elements":"0.99792","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93053","scoring_system":"epss","scoring_elements":"0.99788","published_at":"2026-04-08T12:55:00Z"},{"value":"0.93053","scoring_system":"epss","scoring_elements":"0.99789","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93081","scoring_system":"epss","scoring_elements":"0.99794","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93081","scoring_system":"epss","scoring_elements":"0.99793","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53677"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-067","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-067"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854"},{"reference_url":"https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78"},{"reference_url":"https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53677"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250103-0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250103-0005"},{"reference_url":"https://struts.apache.org/core-developers/file-upload","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/core-developers/file-upload"},{"reference_url":"https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331686","reference_id":"2331686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331686"},{"reference_url":"https://github.com/advisories/GHSA-43mq-6xmg-29vm","reference_id":"GHSA-43mq-6xmg-29vm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43mq-6xmg-29vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51843?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95ts-vpk6-uubg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0"}],"aliases":["CVE-2024-53677","GHSA-43mq-6xmg-29vm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87fh-rvvb-6ubq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15433?format=json","vulnerability_id":"VCID-8bsh-bshc-vkgq","summary":"Apache Struts forced double OGNL evaluation\nApache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL evaluation.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4461","reference_id":"","reference_type":"","scores":[{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82262","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82376","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82372","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82361","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.8234","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82338","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82304","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82309","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82235","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82315","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82296","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82248","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82288","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82267","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4461"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0004/"},{"reference_url":"https://struts.apache.org/docs/s2-036.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-036.html"},{"reference_url":"http://www.securityfocus.com/bid/91277","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91277"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4461","reference_id":"CVE-2016-4461","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4461"},{"reference_url":"https://github.com/advisories/GHSA-864w-r5qj-h6fj","reference_id":"GHSA-864w-r5qj-h6fj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-864w-r5qj-h6fj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22670?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"}],"aliases":["CVE-2016-4461","GHSA-864w-r5qj-h6fj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bsh-bshc-vkgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55501?format=json","vulnerability_id":"VCID-8mws-fbmg-cqa9","summary":"Cross-site Scripting in Apache Struts\nWhen the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. \n\nIt is generally not advisable to have debug mode switched on outside of the development environment. Debug mode should always be turned off in production setup. Also never expose JSPs files directly and hide them inside WEB-INF folder or define dedicated security constraints to block access to raw JSP files.\n\nStruts >= 2.3.20 is not vulnerable to this attack. We recommend upgrading to Struts 2.3.20 or higher if turning off debug mode is not possible.","references":[{"reference_url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html"},{"reference_url":"http://jvn.jp/en/jp/JVN88408929/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN88408929/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2992","reference_id":"","reference_type":"","scores":[{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76989","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76902","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76897","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76939","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76944","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76936","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76969","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76977","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76834","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76841","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76871","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76853","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76895","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.76922","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2992"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-025","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-025"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/Security","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/Security"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2992","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2992"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200330-0001","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200330-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200330-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200330-0001/"},{"reference_url":"http://www.securityfocus.com/bid/76624","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260101","reference_id":"1260101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260101"},{"reference_url":"https://github.com/advisories/GHSA-265r-pp83-gww7","reference_id":"GHSA-265r-pp83-gww7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-265r-pp83-gww7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20924?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2015-2992","GHSA-265r-pp83-gww7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8mws-fbmg-cqa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23822?format=json","vulnerability_id":"VCID-95ts-vpk6-uubg","summary":"Apache Struts has a Denial of Service vulnerability\nDenial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66675","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31599","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31685","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31628","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31729","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31547","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.4067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40561","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40748","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40778","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40733","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40752","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40478","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66675"},{"reference_url":"https://cve.org/CVERecord?id=CVE-2025-64775","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/"}],"url":"https://cve.org/CVERecord?id=CVE-2025-64775"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-068","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-068"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66675","reference_id":"CVE-2025-66675","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66675"},{"reference_url":"https://github.com/advisories/GHSA-rg58-xhh7-mqjw","reference_id":"GHSA-rg58-xhh7-mqjw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg58-xhh7-mqjw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66570?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/66571?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@7.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1"}],"aliases":["CVE-2025-66675","GHSA-rg58-xhh7-mqjw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95ts-vpk6-uubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4865?format=json","vulnerability_id":"VCID-at5c-f8p8-67fh","summary":"Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4003","reference_id":"","reference_type":"","scores":[{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85608","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85741","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85739","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85691","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85677","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85665","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85645","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.8562","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85705","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85711","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85706","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85684","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85687","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4003"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc"},{"reference_url":"https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9"},{"reference_url":"https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e"},{"reference_url":"https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2"},{"reference_url":"https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4507","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4507"},{"reference_url":"http://struts.apache.org/docs/s2-028.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-028.html"},{"reference_url":"https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311"},{"reference_url":"https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268"},{"reference_url":"http://www.securityfocus.com/bid/86311","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/86311"},{"reference_url":"http://www.securitytracker.com/id/1035268","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035268"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326725","reference_id":"1326725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326725"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4003","reference_id":"CVE-2016-4003","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4003"},{"reference_url":"https://github.com/advisories/GHSA-m3x6-9v6h-4g28","reference_id":"GHSA-m3x6-9v6h-4g28","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3x6-9v6h-4g28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22085?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22241?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-4003","GHSA-m3x6-9v6h-4g28"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-at5c-f8p8-67fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4712?format=json","vulnerability_id":"VCID-b59n-uxft-4qgz","summary":"Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4316","reference_id":"","reference_type":"","scores":[{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90866","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90836","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.9086","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90858","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90856","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.9087","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90868","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90784","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90789","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90801","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90812","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90829","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90838","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4316"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1"},{"reference_url":"https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4316","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4316"},{"reference_url":"http://struts.apache.org/docs/s2-019.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-019.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-019.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-019.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013036","reference_id":"1013036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013036"},{"reference_url":"https://github.com/advisories/GHSA-j7h6-xr7g-m2c5","reference_id":"GHSA-j7h6-xr7g-m2c5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j7h6-xr7g-m2c5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20431?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2"}],"aliases":["CVE-2013-4316","GHSA-j7h6-xr7g-m2c5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b59n-uxft-4qgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17909?format=json","vulnerability_id":"VCID-b7zy-qhz9-tuar","summary":"Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to not properly checking of list bounds. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34149","reference_id":"","reference_type":"","scores":[{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19577","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19474","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19422","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19344","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00062","scoring_system":"epss","scoring_elements":"0.19623","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2055","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20553","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20567","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2062","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20662","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20397","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20429","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.2043","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20545","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34149"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-063","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-063"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/06/14/2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/06/14/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34149","reference_id":"CVE-2023-34149","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34149"},{"reference_url":"https://github.com/advisories/GHSA-8f6x-v685-g2xc","reference_id":"GHSA-8f6x-v685-g2xc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f6x-v685-g2xc"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005/","reference_id":"ntap-20230706-0005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58046?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31"},{"url":"http://public2.vulnerablecode.io/api/packages/58047?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-gfxq-vtry-bqgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1"}],"aliases":["CVE-2023-34149","GHSA-8f6x-v685-g2xc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7zy-qhz9-tuar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4677?format=json","vulnerability_id":"VCID-bgbt-j1n9-6yg5","summary":"The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1327","reference_id":"","reference_type":"","scores":[{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90913","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90915","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90916","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90903","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90902","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90905","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.9088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90881","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90854","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90844","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90833","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90828","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90872","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.90866","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1327"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-056","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-056"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa"},{"reference_url":"https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4"},{"reference_url":"https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323"},{"reference_url":"https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180330-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180330-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180330-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180330-0001/"},{"reference_url":"https://struts.apache.org/docs/s2-056.html","reference_id":"","reference_type":"","scores":[],"url":"https://struts.apache.org/docs/s2-056.html"},{"reference_url":"https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516"},{"reference_url":"https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/103516","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103516"},{"reference_url":"http://www.securitytracker.com/id/1040575","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561007","reference_id":"1561007","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561007"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2018-1327","reference_id":"CVE-2018-1327","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2018-1327"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1327","reference_id":"CVE-2018-1327","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1327"},{"reference_url":"https://github.com/advisories/GHSA-38cr-2ph5-frr9","reference_id":"GHSA-38cr-2ph5-frr9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38cr-2ph5-frr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27205?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.16"}],"aliases":["CVE-2018-1327","GHSA-38cr-2ph5-frr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bgbt-j1n9-6yg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4895?format=json","vulnerability_id":"VCID-cm62-bsdz-yye2","summary":"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.","references":[{"reference_url":"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"0.94431","scoring_system":"epss","scoring_elements":"0.99985","published_at":"2026-04-29T12:55:00Z"},{"value":"0.94431","scoring_system":"epss","scoring_elements":"0.99984","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11776"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-057","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-057"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b"},{"reference_url":"https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e"},{"reference_url":"https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72"},{"reference_url":"https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d"},{"reference_url":"https://lgtm.com/blog/apache_struts_CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://lgtm.com/blog/apache_struts_CVE-2018-11776"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180822-0001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180822-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181018-0002","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181018-0002"},{"reference_url":"https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125"},{"reference_url":"https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888"},{"reference_url":"https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776"},{"reference_url":"https://www.exploit-db.com/exploits/45260","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45260"},{"reference_url":"https://www.exploit-db.com/exploits/45262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45262"},{"reference_url":"https://www.exploit-db.com/exploits/45367","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45367"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/105125","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securityfocus.com/bid/105125"},{"reference_url":"http://www.securitytracker.com/id/1041547","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securitytracker.com/id/1041547"},{"reference_url":"http://www.securitytracker.com/id/1041888","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securitytracker.com/id/1041888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1620019","reference_id":"1620019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1620019"},{"reference_url":"https://www.exploit-db.com/exploits/45260/","reference_id":"45260","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45260/"},{"reference_url":"https://www.exploit-db.com/exploits/45262/","reference_id":"45262","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45262/"},{"reference_url":"https://www.exploit-db.com/exploits/45367/","reference_id":"45367","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45367/"},{"reference_url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py"},{"reference_url":"https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11776","reference_id":"CVE-2018-11776","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11776"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb"},{"reference_url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC","reference_id":"CVE-2018-11776-PYTHON-POC","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"},{"reference_url":"https://github.com/advisories/GHSA-cr6j-3jp9-rw65","reference_id":"GHSA-cr6j-3jp9-rw65","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr6j-3jp9-rw65"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180822-0001/","reference_id":"ntap-20180822-0001","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180822-0001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32221?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35"},{"url":"http://public2.vulnerablecode.io/api/packages/32222?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17"}],"aliases":["CVE-2018-11776","GHSA-cr6j-3jp9-rw65"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm62-bsdz-yye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17939?format=json","vulnerability_id":"VCID-dk2f-14xj-9bf8","summary":"Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34396","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30194","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30281","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30232","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30099","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30159","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31376","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31428","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3147","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31404","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31425","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31391","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31083","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31207","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34396"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-064","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-064"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/06/14/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/06/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34396","reference_id":"CVE-2023-34396","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34396"},{"reference_url":"https://github.com/advisories/GHSA-4g42-gqrg-4633","reference_id":"GHSA-4g42-gqrg-4633","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g42-gqrg-4633"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005/","reference_id":"ntap-20230706-0005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58046?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31"},{"url":"http://public2.vulnerablecode.io/api/packages/58047?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-gfxq-vtry-bqgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1"}],"aliases":["CVE-2023-34396","GHSA-4g42-gqrg-4633"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk2f-14xj-9bf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6686?format=json","vulnerability_id":"VCID-evh9-mua1-2bem","summary":"XWork ParameterInterceptors bypass allows remote command execution\nThe OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the \"#\" protection mechanism in ParameterInterceptors via the `#context`, `#_memberAccess`, `#root`, `#this`, `#_typeResolver`, `#_classResolver`, `#_traceEvaluations`, `#_lastEvaluation`, `#_keepLastEvaluation`, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.","references":[{"reference_url":"http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"},{"reference_url":"http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"},{"reference_url":"http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1870","reference_id":"","reference_type":"","scores":[{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99738","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99743","published_at":"2026-04-29T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.9974","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99735","published_at":"2026-04-02T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99739","published_at":"2026-04-18T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99736","published_at":"2026-04-04T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99742","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1870"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-003","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-003"},{"reference_url":"http://seclists.org/fulldisclosure/2010/Jul/183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2010/Jul/183"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Oct/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2020/Oct/23"},{"reference_url":"http://secunia.com/advisories/59110","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59110"},{"reference_url":"http://securityreason.com/securityalert/8345","reference_id":"","reference_type":"","scores":[],"url":"http://securityreason.com/securityalert/8345"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1870","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1870"},{"reference_url":"http://struts.apache.org/2.2.1/docs/s2-005.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.2.1/docs/s2-005.html"},{"reference_url":"http://struts.apache.org/docs/s2-005.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-005.html"},{"reference_url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"},{"reference_url":"http://www.exploit-db.com/exploits/14360","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/14360"},{"reference_url":"http://www.osvdb.org/66280","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/66280"},{"reference_url":"http://www.securityfocus.com/bid/41592","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/41592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1123727","reference_id":"1123727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1123727"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt","reference_id":"CVE-2010-1870;OSVDB-66280","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb","reference_id":"CVE-2010-1870;OSVDB-66280","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb"},{"reference_url":"https://github.com/advisories/GHSA-x5fc-pgpx-59j5","reference_id":"GHSA-x5fc-pgpx-59j5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x5fc-pgpx-59j5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19979?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-fv6w-cdtc-kkhx"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-gv5f-auvz-5fda"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-nmgp-r7hb-5ke1"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-r28t-sdc5-kbga"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-x65e-31g3-77bp"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-z1gf-169n-m3af"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1"}],"aliases":["CVE-2010-1870","GHSA-x5fc-pgpx-59j5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evh9-mua1-2bem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52039?format=json","vulnerability_id":"VCID-fv6w-cdtc-kkhx","summary":"Struts ParameterInterceptor vulnerability allows remote command execution\nRegular expression in ParametersInterceptor matches `top['foo'](0)` as a valid expression, which OGNL treats as `(top['foo'])(0)` and evaluates the value of 'foo' action parameter as an OGNL expression. This lets malicious users put arbitrary OGNL statements into any String variable exposed by an action and have it evaluated as an OGNL expression and since OGNL statement is in HTTP parameter value attacker can use blacklisted characters (e.g. #) to disable method execution and execute arbitrary methods, bypassing the ParametersInterceptor and OGNL library protections.","references":[{"reference_url":"http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3923","reference_id":"","reference_type":"","scores":[{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99646","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99645","published_at":"2026-04-26T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99644","published_at":"2026-04-24T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99643","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99641","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.9964","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99637","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3923"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"},{"reference_url":"http://seclists.org/fulldisclosure/2014/Jul/38","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2014/Jul/38"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3923","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3923"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2011-3923","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2011-3923"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-009.html"},{"reference_url":"http://struts.apache.org/docs/s2-009.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-009.html"},{"reference_url":"https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38"},{"reference_url":"http://www.exploit-db.com/exploits/24874","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/24874"},{"reference_url":"http://www.securityfocus.com/bid/51628","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/51628"},{"reference_url":"http://www.securitytracker.com/id?1026575","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1026575"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb","reference_id":"CVE-2011-3923;OSVDB-78501","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb"},{"reference_url":"https://github.com/advisories/GHSA-j68f-8h6p-9h5q","reference_id":"GHSA-j68f-8h6p-9h5q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j68f-8h6p-9h5q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22233?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2"}],"aliases":["CVE-2011-3923","GHSA-j68f-8h6p-9h5q"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fv6w-cdtc-kkhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20138?format=json","vulnerability_id":"VCID-gfxq-vtry-bqgg","summary":"Files or Directories Accessible to External Parties\nAn attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.","references":[{"reference_url":"http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50164","reference_id":"","reference_type":"","scores":[{"value":"0.92864","scoring_system":"epss","scoring_elements":"0.99769","published_at":"2026-04-21T12:55:00Z"},{"value":"0.92864","scoring_system":"epss","scoring_elements":"0.99771","published_at":"2026-04-24T12:55:00Z"},{"value":"0.92864","scoring_system":"epss","scoring_elements":"0.99772","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93657","scoring_system":"epss","scoring_elements":"0.99844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93657","scoring_system":"epss","scoring_elements":"0.99841","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93657","scoring_system":"epss","scoring_elements":"0.99842","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93657","scoring_system":"epss","scoring_elements":"0.99843","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50164"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-066","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-066"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163"},{"reference_url":"https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6"},{"reference_url":"https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0010","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231214-0010"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/07/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/12/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/07/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/07/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253938","reference_id":"2253938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253938"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50164","reference_id":"CVE-2023-50164","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50164"},{"reference_url":"https://github.com/advisories/GHSA-2j39-qcjm-428w","reference_id":"GHSA-2j39-qcjm-428w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j39-qcjm-428w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61587?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-j8jv-hzsy-nyec"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33"},{"url":"http://public2.vulnerablecode.io/api/packages/61588?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2"}],"aliases":["CVE-2023-50164","GHSA-2j39-qcjm-428w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfxq-vtry-bqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5069?format=json","vulnerability_id":"VCID-gv5f-auvz-5fda","summary":"The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0393","reference_id":"","reference_type":"","scores":[{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98214","published_at":"2026-04-21T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98216","published_at":"2026-04-29T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98215","published_at":"2026-04-24T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98209","published_at":"2026-04-13T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98207","published_at":"2026-04-09T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98206","published_at":"2026-04-08T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98201","published_at":"2026-04-07T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.982","published_at":"2026-04-04T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98193","published_at":"2026-04-01T12:55:00Z"},{"value":"0.58542","scoring_system":"epss","scoring_elements":"0.98196","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0393"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-008.html"},{"reference_url":"http://struts.apache.org/2.x/docs/version-notes-2311.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/version-notes-2311.html"},{"reference_url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/"},{"reference_url":"http://www.exploit-db.com/exploits/18329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/18329"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=773164","reference_id":"773164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=773164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0393","reference_id":"CVE-2012-0393","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0393"},{"reference_url":"https://github.com/advisories/GHSA-hxqq-w4mr-mc62","reference_id":"GHSA-hxqq-w4mr-mc62","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxqq-w4mr-mc62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20038?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-fv6w-cdtc-kkhx"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/84298?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-fv6w-cdtc-kkhx"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.1"}],"aliases":["CVE-2012-0393","GHSA-hxqq-w4mr-mc62"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv5f-auvz-5fda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5047?format=json","vulnerability_id":"VCID-h4yg-zrv6-aqa1","summary":"ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045"},{"reference_url":"http://jvn.jp/en/jp/JVN19294237/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19294237/index.html"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0910","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0910"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0112","reference_id":"","reference_type":"","scores":[{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99671","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.9966","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99661","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99663","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99664","published_at":"2026-04-13T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99665","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99666","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99668","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.9967","published_at":"2026-04-26T12:55:00Z"},{"value":"0.91424","scoring_system":"epss","scoring_elements":"0.99659","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091939","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091939"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-021","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-021"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0112","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0112"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"reference_url":"https://github.com/advisories/GHSA-prjv-jj26-wf8h","reference_id":"GHSA-prjv-jj26-wf8h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prjv-jj26-wf8h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20586?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20924?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0112","GHSA-prjv-jj26-wf8h"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4yg-zrv6-aqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13718?format=json","vulnerability_id":"VCID-hgj2-vqzn-gyeb","summary":"Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')\nThe fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31805","reference_id":"","reference_type":"","scores":[{"value":"0.93956","scoring_system":"epss","scoring_elements":"0.99887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93956","scoring_system":"epss","scoring_elements":"0.99884","published_at":"2026-04-12T12:55:00Z"},{"value":"0.93956","scoring_system":"epss","scoring_elements":"0.99886","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93956","scoring_system":"epss","scoring_elements":"0.99885","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93956","scoring_system":"epss","scoring_elements":"0.99881","published_at":"2026-04-01T12:55:00Z"},{"value":"0.93956","scoring_system":"epss","scoring_elements":"0.99882","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93956","scoring_system":"epss","scoring_elements":"0.99883","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31805"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-062","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220420-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220420-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220420-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220420-0001/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/12/6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/04/12/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074788","reference_id":"2074788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074788"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31805","reference_id":"CVE-2021-31805","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31805"},{"reference_url":"https://github.com/advisories/GHSA-v8j6-6c2r-r27c","reference_id":"GHSA-v8j6-6c2r-r27c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8j6-6c2r-r27c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49162?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30"}],"aliases":["CVE-2021-31805","GHSA-v8j6-6c2r-r27c"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgj2-vqzn-gyeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4752?format=json","vulnerability_id":"VCID-hkjh-35ye-1ugj","summary":"Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2115","reference_id":"","reference_type":"","scores":[{"value":"0.87487","scoring_system":"epss","scoring_elements":"0.99454","published_at":"2026-04-01T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99472","published_at":"2026-04-29T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99471","published_at":"2026-04-24T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99469","published_at":"2026-04-21T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99468","published_at":"2026-04-16T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99465","published_at":"2026-04-13T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99464","published_at":"2026-04-11T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99463","published_at":"2026-04-09T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99462","published_at":"2026-04-08T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99461","published_at":"2026-04-07T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99459","published_at":"2026-04-04T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99457","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-013"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-014","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-014"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650"},{"reference_url":"https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d"},{"reference_url":"https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6"},{"reference_url":"https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4063","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4063"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-014.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-014.html"},{"reference_url":"http://struts.apache.org/docs/s2-014.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-014.html"},{"reference_url":"https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167"},{"reference_url":"http://www.securityfocus.com/bid/60167","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60167"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2115","reference_id":"CVE-2013-2115","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2115"},{"reference_url":"https://github.com/advisories/GHSA-7ghm-rpc7-p7g5","reference_id":"GHSA-7ghm-rpc7-p7g5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ghm-rpc7-p7g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20314?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2"}],"aliases":["CVE-2013-2115","GHSA-7ghm-rpc7-p7g5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkjh-35ye-1ugj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4641?format=json","vulnerability_id":"VCID-j5su-cnqd-6yad","summary":"Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL evaluation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0785","reference_id":"","reference_type":"","scores":[{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95104","published_at":"2026-04-02T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95142","published_at":"2026-04-26T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95141","published_at":"2026-04-24T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95139","published_at":"2026-04-18T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95136","published_at":"2026-04-16T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95128","published_at":"2026-04-13T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95125","published_at":"2026-04-12T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95123","published_at":"2026-04-11T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95118","published_at":"2026-04-09T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95114","published_at":"2026-04-08T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95107","published_at":"2026-04-07T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95093","published_at":"2026-04-01T12:55:00Z"},{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95105","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364"},{"reference_url":"http://struts.apache.org/docs/s2-029.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-029.html"},{"reference_url":"https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066"},{"reference_url":"https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271"},{"reference_url":"http://www.securityfocus.com/bid/85066","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/85066"},{"reference_url":"http://www.securitytracker.com/id/1035271","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326720","reference_id":"1326720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326720"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0785","reference_id":"CVE-2016-0785","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0785"},{"reference_url":"https://github.com/advisories/GHSA-876p-4wgc-75rx","reference_id":"GHSA-876p-4wgc-75rx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-876p-4wgc-75rx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22262?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22085?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/22241?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-0785","GHSA-876p-4wgc-75rx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5su-cnqd-6yad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6747?format=json","vulnerability_id":"VCID-k6mz-k1yb-4uej","summary":"CSRF protection bypass\nThe token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4386","reference_id":"","reference_type":"","scores":[{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87117","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87065","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87073","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87086","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87076","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87092","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87096","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87111","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87022","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87033","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87052","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87045","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4386"},{"reference_url":"http://secunia.com/advisories/50420","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50420"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78182","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78182"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3858","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3858"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4386","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4386"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-010.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-010.html"},{"reference_url":"http://struts.apache.org/docs/s2-010.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-010.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/5"},{"reference_url":"http://www.securityfocus.com/bid/55346","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55346"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-2rvh-q539-q33v","reference_id":"GHSA-2rvh-q539-q33v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rvh-q539-q33v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20101?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1"}],"aliases":["CVE-2012-4386","GHSA-2rvh-q539-q33v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6mz-k1yb-4uej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4905?format=json","vulnerability_id":"VCID-kdsa-599r-eud7","summary":"The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045"},{"reference_url":"http://jvn.jp/en/jp/JVN19294237/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19294237/index.html"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0094","reference_id":"","reference_type":"","scores":[{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99796","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99795","published_at":"2026-04-08T12:55:00Z"},{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99794","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99799","published_at":"2026-04-29T12:55:00Z"},{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99798","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0094"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f"},{"reference_url":"https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-020.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-020.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"http://www.konakart.com/downloads/ver-7-3-0-0-whats-new","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.konakart.com/downloads/ver-7-3-0-0-whats-new"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1073716","reference_id":"1073716","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1073716"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0094","reference_id":"CVE-2014-0094","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0094"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb","reference_id":"CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb","reference_id":"CVE-2014-0114;CVE-2014-0112;CVE-2014-0094","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb","reference_id":"CVE-2014-0114;CVE-2014-0112;CVE-2014-0094","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb"},{"reference_url":"https://github.com/advisories/GHSA-vrwc-qjmw-5rjm","reference_id":"GHSA-vrwc-qjmw-5rjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrwc-qjmw-5rjm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20586?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"}],"aliases":["CVE-2014-0094","GHSA-vrwc-qjmw-5rjm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kdsa-599r-eud7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8195?format=json","vulnerability_id":"VCID-me84-wy85-hkf5","summary":"Cross-Site Scripting vulnerability on \"Problem Report\" screen\nWhen Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.","references":[{"reference_url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"},{"reference_url":"http://jvn.jp/en/jp/JVN95989300/index.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN95989300/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5169","reference_id":"","reference_type":"","scores":[{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78914","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78917","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78919","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78968","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78952","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78944","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78879","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78861","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78886","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78916","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78844","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.78891","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.789","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.7885","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260087","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260087"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5169","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5169"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0003/"},{"reference_url":"https://struts.apache.org/docs/s2-025.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-025.html"},{"reference_url":"http://www.securityfocus.com/bid/76625","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/76625"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-vwhv-j36g-5rm8","reference_id":"GHSA-vwhv-j36g-5rm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vwhv-j36g-5rm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20924?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2015-5169","GHSA-vwhv-j36g-5rm8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-me84-wy85-hkf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4820?format=json","vulnerability_id":"VCID-n2dn-bnjc-13gp","summary":"CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0113","reference_id":"","reference_type":"","scores":[{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99215","published_at":"2026-04-29T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99209","published_at":"2026-04-16T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.9921","published_at":"2026-04-12T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99211","published_at":"2026-04-18T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99212","published_at":"2026-04-21T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99214","published_at":"2026-04-26T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.992","published_at":"2026-04-01T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99204","published_at":"2026-04-04T12:55:00Z"},{"value":"0.82051","scoring_system":"epss","scoring_elements":"0.99208","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0113"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-021","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-021"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0113","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0113"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092201","reference_id":"1092201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092201"},{"reference_url":"https://github.com/advisories/GHSA-3c5c-xrq4-qhr8","reference_id":"GHSA-3c5c-xrq4-qhr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3c5c-xrq4-qhr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20586?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/20924?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0113","GHSA-3c5c-xrq4-qhr8"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2dn-bnjc-13gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4596?format=json","vulnerability_id":"VCID-n4fb-crnk-eugz","summary":"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1965","reference_id":"","reference_type":"","scores":[{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99687","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99691","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99686","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.9969","published_at":"2026-04-18T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99689","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99684","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99688","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967655","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967655"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-012.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-012.html"},{"reference_url":"http://struts.apache.org/docs/s2-012.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-012.html"},{"reference_url":"https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082"},{"reference_url":"http://www.securityfocus.com/bid/60082","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60082"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts2-showcase:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1965","reference_id":"CVE-2013-1965","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1965"},{"reference_url":"https://github.com/advisories/GHSA-whmq-v94q-34p9","reference_id":"GHSA-whmq-v94q-34p9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whmq-v94q-34p9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20324?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-1965","GHSA-whmq-v94q-34p9"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4fb-crnk-eugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4898?format=json","vulnerability_id":"VCID-nmgp-r7hb-5ke1","summary":"The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0391","reference_id":"","reference_type":"","scores":[{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.995","published_at":"2026-04-24T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99499","published_at":"2026-04-21T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99498","published_at":"2026-04-18T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99495","published_at":"2026-04-12T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99493","published_at":"2026-04-09T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99492","published_at":"2026-04-07T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99488","published_at":"2026-04-02T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.9949","published_at":"2026-04-04T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99502","published_at":"2026-04-29T12:55:00Z"},{"value":"0.88319","scoring_system":"epss","scoring_elements":"0.99501","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0391"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b"},{"reference_url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3668","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"https://issues.apache.org/jira/browse/WW-3668"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-008.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://struts.apache.org/2.x/docs/s2-008.html"},{"reference_url":"http://struts.apache.org/2.x/docs/version-notes-2311.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://struts.apache.org/2.x/docs/version-notes-2311.html"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391"},{"reference_url":"https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"http://www.exploit-db.com/exploits/18329","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://www.exploit-db.com/exploits/18329"},{"reference_url":"http://secunia.com/advisories/47393","reference_id":"47393","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://secunia.com/advisories/47393"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=773159","reference_id":"773159","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=773159"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0391","reference_id":"CVE-2012-0391","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0391"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb","reference_id":"CVE-2012-0391;OSVDB-78277","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt","reference_id":"CVE-2012-0394;CVE-2012-0393;CVE-2012-0392;CVE-2012-0391;OSVDB-78277;OSVDB-78276;OSVDB-78109;OSVDB-78108","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt"},{"reference_url":"https://github.com/advisories/GHSA-4wrr-9h5r-m92w","reference_id":"GHSA-4wrr-9h5r-m92w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wrr-9h5r-m92w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20038?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-fv6w-cdtc-kkhx"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"}],"aliases":["CVE-2012-0391","GHSA-4wrr-9h5r-m92w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmgp-r7hb-5ke1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4658?format=json","vulnerability_id":"VCID-q96z-v3bs-k3dg","summary":"Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4387","reference_id":"","reference_type":"","scores":[{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92053","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92057","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92058","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92054","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92056","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92059","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92044","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92003","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92043","published_at":"2026-04-11T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.9204","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92019","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4387"},{"reference_url":"http://secunia.com/advisories/50420","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50420"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78183"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9"},{"reference_url":"https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3860","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3860"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4387","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4387"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-011.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-011.html"},{"reference_url":"http://struts.apache.org/docs/s2-011.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-011.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/5"},{"reference_url":"http://www.securityfocus.com/bid/55346","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55346"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-hrgc-54mv-58gv","reference_id":"GHSA-hrgc-54mv-58gv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hrgc-54mv-58gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20101?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1"}],"aliases":["CVE-2012-4387","GHSA-hrgc-54mv-58gv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q96z-v3bs-k3dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6866?format=json","vulnerability_id":"VCID-qqm4-frqy-bua5","summary":"XSS via malicious action parameter\nMultiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to `actionNames.action` and `showConfig.action` in `config-browser/`.","references":[{"reference_url":"http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86071","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86035","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86033","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86028","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86046","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.8605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86042","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86062","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86072","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.85965","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.85976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.85992","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.85991","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86011","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.8602","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6348"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Oct/244","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2013/Oct/244"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4213","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4213"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6348"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2013-6348"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1533354","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1533354"},{"reference_url":"https://ubuntu.com/security/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/security/CVE-2013-6348"},{"reference_url":"https://github.com/advisories/GHSA-3g8j-jj54-3vjg","reference_id":"GHSA-3g8j-jj54-3vjg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3g8j-jj54-3vjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22239?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16"}],"aliases":["CVE-2013-6348","GHSA-3g8j-jj54-3vjg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qqm4-frqy-bua5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4615?format=json","vulnerability_id":"VCID-r28t-sdc5-kbga","summary":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0392","reference_id":"","reference_type":"","scores":[{"value":"0.74968","scoring_system":"epss","scoring_elements":"0.98883","published_at":"2026-04-29T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99357","published_at":"2026-04-21T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99355","published_at":"2026-04-13T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99353","published_at":"2026-04-11T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99351","published_at":"2026-04-09T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99349","published_at":"2026-04-07T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99346","published_at":"2026-04-02T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99348","published_at":"2026-04-04T12:55:00Z"},{"value":"0.85099","scoring_system":"epss","scoring_elements":"0.99359","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0392"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58"},{"reference_url":"https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-008.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-008.html"},{"reference_url":"http://struts.apache.org/2.x/docs/version-notes-2311.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/version-notes-2311.html"},{"reference_url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/"},{"reference_url":"http://www.exploit-db.com/exploits/18329","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/18329"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=773162","reference_id":"773162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=773162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0392","reference_id":"CVE-2012-0392","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0392"},{"reference_url":"https://github.com/advisories/GHSA-2ppp-xj34-vvf7","reference_id":"GHSA-2ppp-xj34-vvf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ppp-xj34-vvf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20038?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-fv6w-cdtc-kkhx"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"}],"aliases":["CVE-2012-0392","GHSA-2ppp-xj34-vvf7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r28t-sdc5-kbga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15580?format=json","vulnerability_id":"VCID-tcaj-6bcg-k7g2","summary":"Improper Input Validation\nThe TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3090","reference_id":"","reference_type":"","scores":[{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84367","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84365","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84466","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84462","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84453","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84427","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84425","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84402","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84406","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84412","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84395","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84389","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.8433","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3090"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0005","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0005/"},{"reference_url":"https://struts.apache.org/docs/s2-027.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-027.html"},{"reference_url":"https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131"},{"reference_url":"https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267"},{"reference_url":"https://www.securitytracker.com/id/1035267","reference_id":"","reference_type":"","scores":[],"url":"https://www.securitytracker.com/id/1035267"},{"reference_url":"http://www.securityfocus.com/bid/85131","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/85131"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.15.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.16.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3090","reference_id":"CVE-2016-3090","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3090"},{"reference_url":"https://github.com/advisories/GHSA-ggmp-fxfg-277r","reference_id":"GHSA-ggmp-fxfg-277r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ggmp-fxfg-277r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20924?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2016-3090","GHSA-ggmp-fxfg-277r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcaj-6bcg-k7g2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/20221?format=json","vulnerability_id":"VCID-tgd1-s1yg-9fdt","summary":"Apache Struts 2 is Missing XML Validation\nMissing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493","reference_id":"","reference_type":"","scores":[{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07607","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07673","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07691","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0769","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07676","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07585","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07572","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07712","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07661","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07638","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07598","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.0764","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00027","scoring_system":"epss","scoring_elements":"0.07615","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-069","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-069"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/01/11/2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/01/11/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559","reference_id":"2428559","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559"},{"reference_url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7","reference_id":"GHSA-qcfc-hmrc-59x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/169006?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/61702?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1"}],"aliases":["CVE-2025-68493","GHSA-qcfc-hmrc-59x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgd1-s1yg-9fdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5094?format=json","vulnerability_id":"VCID-vgp6-jxqt-pbf4","summary":"The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110"},{"reference_url":"http://jvn.jp/en/jp/JVN07710476/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN07710476/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4438","reference_id":"","reference_type":"","scores":[{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98357","published_at":"2026-04-26T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98334","published_at":"2026-04-01T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98339","published_at":"2026-04-04T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98341","published_at":"2026-04-07T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98346","published_at":"2026-04-08T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98347","published_at":"2026-04-09T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.9835","published_at":"2026-04-13T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98353","published_at":"2026-04-16T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98352","published_at":"2026-04-18T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98351","published_at":"2026-04-21T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98356","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348238","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348238"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c"},{"reference_url":"https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d"},{"reference_url":"https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c"},{"reference_url":"https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b"},{"reference_url":"https://struts.apache.org/docs/s2-037.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-037.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.securityfocus.com/bid/91275","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91275"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.20.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.24.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.3.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4438","reference_id":"CVE-2016-4438","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4438"},{"reference_url":"https://github.com/advisories/GHSA-4prj-vw9j-v6pr","reference_id":"GHSA-4prj-vw9j-v6pr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4prj-vw9j-v6pr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22670?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"}],"aliases":["CVE-2016-4438","GHSA-4prj-vw9j-v6pr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgp6-jxqt-pbf4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4652?format=json","vulnerability_id":"VCID-vkb9-11h4-dugp","summary":"Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1966","reference_id":"","reference_type":"","scores":[{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99643","published_at":"2026-04-12T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.9965","published_at":"2026-04-29T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99642","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99644","published_at":"2026-04-16T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99649","published_at":"2026-04-26T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99648","published_at":"2026-04-24T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99641","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.9964","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99646","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-013","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-013"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-013.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-013.html"},{"reference_url":"http://struts.apache.org/docs/s2-013.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-013.html"},{"reference_url":"http://struts.apache.org/docs/s2-014.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-014.html"},{"reference_url":"http://www.securityfocus.com/bid/60166","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60166"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1966","reference_id":"CVE-2013-1966","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1966"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb","reference_id":"CVE-2013-2115;OSVDB-93645;CVE-2013-1966","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb"},{"reference_url":"https://github.com/advisories/GHSA-737w-mh58-cxjp","reference_id":"GHSA-737w-mh58-cxjp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-737w-mh58-cxjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20314?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2"}],"aliases":["CVE-2013-1966","GHSA-737w-mh58-cxjp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vkb9-11h4-dugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4544?format=json","vulnerability_id":"VCID-vnkw-9fa2-zqcm","summary":"Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both \"${}\" and \"%{}\" sequences, which causes the OGNL code to be evaluated twice.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2135","reference_id":"","reference_type":"","scores":[{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99247","published_at":"2026-04-02T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99262","published_at":"2026-04-29T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99261","published_at":"2026-04-26T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99258","published_at":"2026-04-21T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99257","published_at":"2026-04-18T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99256","published_at":"2026-04-12T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99255","published_at":"2026-04-13T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.9925","published_at":"2026-04-04T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99245","published_at":"2026-04-01T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99253","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2135"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-015","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-015"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0"},{"reference_url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f"},{"reference_url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3"},{"reference_url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4090","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4090"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4094","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4094"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4095","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4095"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-015.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-015.html"},{"reference_url":"http://struts.apache.org/docs/s2-015.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-015.html"},{"reference_url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"},{"reference_url":"http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64758"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2135","reference_id":"CVE-2013-2135","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2135"},{"reference_url":"https://github.com/advisories/GHSA-pw8r-x2qm-3h5m","reference_id":"GHSA-pw8r-x2qm-3h5m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw8r-x2qm-3h5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20324?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-2135","GHSA-pw8r-x2qm-3h5m"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnkw-9fa2-zqcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6699?format=json","vulnerability_id":"VCID-x65e-31g3-77bp","summary":"Multiple XSS flaws in XWork\nMultiple cross-site scripting (XSS) vulnerabilities in XWork allow remote attackers to inject arbitrary web script or HTML via vectors involving an action name, the action attribute of an s:submit element, or the method attribute of an `s:submit` element.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"},{"reference_url":"http://jvn.jp/en/jp/JVN25435092/index.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN25435092/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1772","reference_id":"","reference_type":"","scores":[{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98244","published_at":"2026-04-24T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98228","published_at":"2026-04-04T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98246","published_at":"2026-04-29T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98225","published_at":"2026-04-02T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98229","published_at":"2026-04-07T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98242","published_at":"2026-04-21T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98237","published_at":"2026-04-13T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98223","published_at":"2026-04-01T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98234","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1772"},{"reference_url":"http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"},{"reference_url":"http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html","reference_id":"","reference_type":"","scores":[],"url":"http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3579","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3579"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1772","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1772"},{"reference_url":"http://struts.apache.org/2.2.3/docs/version-notes-223.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.2.3/docs/version-notes-223.html"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-006.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-006.html"},{"reference_url":"http://struts.apache.org/docs/s2-006.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-006.html"},{"reference_url":"http://www.securityfocus.com/bid/47784","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/47784"},{"reference_url":"http://www.ventuneac.net/security-advisories/MVSA-11-006","reference_id":"","reference_type":"","scores":[],"url":"http://www.ventuneac.net/security-advisories/MVSA-11-006"},{"reference_url":"http://www.vupen.com/english/advisories/2011/1198","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2011/1198"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=723827","reference_id":"723827","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=723827"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.1.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:struts:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:webwork:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt","reference_id":"CVE-2011-1772;OSVDB-72238","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt"},{"reference_url":"https://www.securityfocus.com/bid/47784/info","reference_id":"CVE-2011-1772;OSVDB-72238","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/47784/info"},{"reference_url":"https://github.com/advisories/GHSA-56f8-g68r-j699","reference_id":"GHSA-56f8-g68r-j699","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-56f8-g68r-j699"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20006?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-fv6w-cdtc-kkhx"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-gv5f-auvz-5fda"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-nmgp-r7hb-5ke1"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-r28t-sdc5-kbga"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-z1gf-169n-m3af"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3"}],"aliases":["CVE-2011-1772","GHSA-56f8-g68r-j699"],"risk_score":5.4,"exploitability":"2.0","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x65e-31g3-77bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4757?format=json","vulnerability_id":"VCID-xz41-1z86-37ew","summary":"","references":[{"reference_url":"http://archiva.apache.org/security.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://archiva.apache.org/security.html"},{"reference_url":"http://cxsecurity.com/issue/WLB-2014010087","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://cxsecurity.com/issue/WLB-2014010087"},{"reference_url":"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2251","reference_id":"","reference_type":"","scores":[{"value":"0.94325","scoring_system":"epss","scoring_elements":"0.99952","published_at":"2026-04-26T12:55:00Z"},{"value":"0.94325","scoring_system":"epss","scoring_elements":"0.99951","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94325","scoring_system":"epss","scoring_elements":"0.99953","published_at":"2026-04-29T12:55:00Z"},{"value":"0.94328","scoring_system":"epss","scoring_elements":"0.99952","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2251"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Oct/96","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://seclists.org/fulldisclosure/2013/Oct/96"},{"reference_url":"http://seclists.org/oss-sec/2014/q1/89","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://seclists.org/oss-sec/2014/q1/89"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6"},{"reference_url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4140","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4140"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-016.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-016.html"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251"},{"reference_url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.securitytracker.com/id/1032916","reference_id":"1032916","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securitytracker.com/id/1032916"},{"reference_url":"http://www.securityfocus.com/bid/61189","reference_id":"61189","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securityfocus.com/bid/61189"},{"reference_url":"http://osvdb.org/98445","reference_id":"98445","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://osvdb.org/98445"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt","reference_id":"CVE-2013-2251","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2251","reference_id":"CVE-2013-2251","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2251"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb","reference_id":"CVE-2013-2251;OSVDB-95405","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb"},{"reference_url":"https://github.com/advisories/GHSA-47qp-8v9g-39hp","reference_id":"GHSA-47qp-8v9g-39hp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47qp-8v9g-39hp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20328?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1"}],"aliases":["CVE-2013-2251","GHSA-47qp-8v9g-39hp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xz41-1z86-37ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13896?format=json","vulnerability_id":"VCID-y5uq-a6dx-3yd4","summary":"Unrestricted Upload of File with Dangerous Type\nA local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1592","reference_id":"","reference_type":"","scores":[{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69217","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69066","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69225","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69135","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69085","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69104","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69082","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69208","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69178","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.6917","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69131","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.6916","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69176","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69154","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76"},{"reference_url":"https://issues.apache.org/jira/browse/WW-5055","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-5055"},{"reference_url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://seclists.org/bugtraq/2012/Mar/110","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2012/Mar/110"},{"reference_url":"https://struts.apache.org/security/#internal-security-mechanism","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/security/#internal-security-mechanism"},{"reference_url":"https://www.openwall.com/lists/oss-security/2012/03/28/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2012/03/28/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/28/12","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/03/28/12"},{"reference_url":"https://access.redhat.com/security/cve/cve-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2012-1592"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2012-1592"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml","reference_id":"CVE-2012-1592;OSVDB-80547","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml"},{"reference_url":"https://www.securityfocus.com/bid/52702/info","reference_id":"CVE-2012-1592;OSVDB-80547","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/52702/info"},{"reference_url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf","reference_id":"GHSA-8m5q-crqq-6pmf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41963?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2012-1592","GHSA-8m5q-crqq-6pmf"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5uq-a6dx-3yd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4798?format=json","vulnerability_id":"VCID-ygbu-vb2t-jqhx","summary":"Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4436","reference_id":"","reference_type":"","scores":[{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90416","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90413","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90474","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90478","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90465","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90467","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90468","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.9046","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90433","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4436"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5"},{"reference_url":"https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4436","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4436"},{"reference_url":"https://struts.apache.org/docs/s2-035.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-035.html"},{"reference_url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280"},{"reference_url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348233","reference_id":"1348233","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348233"},{"reference_url":"https://github.com/advisories/GHSA-xm92-v2mq-842q","reference_id":"GHSA-xm92-v2mq-842q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xm92-v2mq-842q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/22670?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"},{"url":"http://public2.vulnerablecode.io/api/packages/22671?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-5qtg-djvn-97ht"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-zkg1-bed6-bbfv"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1"}],"aliases":["CVE-2016-4436","GHSA-xm92-v2mq-842q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ygbu-vb2t-jqhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5020?format=json","vulnerability_id":"VCID-z1gf-169n-m3af","summary":"Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012"},{"reference_url":"http://jvn.jp/en/jp/JVN79099262/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN79099262/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0838","reference_id":"","reference_type":"","scores":[{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93496","published_at":"2026-04-24T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93486","published_at":"2026-04-18T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93481","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93461","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93451","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93493","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.9346","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93443","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93455","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13997","scoring_system":"epss","scoring_elements":"0.94295","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13997","scoring_system":"epss","scoring_elements":"0.94304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13997","scoring_system":"epss","scoring_elements":"0.94315","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0838"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b"},{"reference_url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3668","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3668"},{"reference_url":"http://struts.apache.org/2.3.1.2/docs/s2-007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.3.1.2/docs/s2-007.html"},{"reference_url":"http://struts.apache.org/docs/s2-007.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-007.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799980","reference_id":"799980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799980"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0838","reference_id":"CVE-2012-0838","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0838"},{"reference_url":"https://github.com/advisories/GHSA-mwrx-hx6x-3hhv","reference_id":"GHSA-mwrx-hx6x-3hhv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwrx-hx6x-3hhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20038?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6241-shkt-s7ew"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-6t1x-s2k2-b7bq"},{"vulnerability":"VCID-759g-hsfg-97f8"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b59n-uxft-4qgz"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-fv6w-cdtc-kkhx"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-h4yg-zrv6-aqa1"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hkjh-35ye-1ugj"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-k6mz-k1yb-4uej"},{"vulnerability":"VCID-kdsa-599r-eud7"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-n2dn-bnjc-13gp"},{"vulnerability":"VCID-n4fb-crnk-eugz"},{"vulnerability":"VCID-q96z-v3bs-k3dg"},{"vulnerability":"VCID-qqm4-frqy-bua5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-vkb9-11h4-dugp"},{"vulnerability":"VCID-vnkw-9fa2-zqcm"},{"vulnerability":"VCID-xz41-1z86-37ew"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zb3c-gnyc-yug8"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"}],"aliases":["CVE-2012-0838","GHSA-mwrx-hx6x-3hhv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z1gf-169n-m3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4906?format=json","vulnerability_id":"VCID-zb3c-gnyc-yug8","summary":"CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0116","reference_id":"","reference_type":"","scores":[{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86225","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86183","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86179","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86196","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86202","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86193","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86215","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86114","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86124","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.8614","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86159","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86171","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86186","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0116"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0116","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0116"},{"reference_url":"http://struts.apache.org/docs/s2-022.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-022.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-022.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-022.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1094558","reference_id":"1094558","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1094558"},{"reference_url":"https://github.com/advisories/GHSA-hmhq-382q-mp56","reference_id":"GHSA-hmhq-382q-mp56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmhq-382q-mp56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20665?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-2v7h-fght-cugn"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-8mws-fbmg-cqa9"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-me84-wy85-hkf5"},{"vulnerability":"VCID-tcaj-6bcg-k7g2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3"},{"url":"http://public2.vulnerablecode.io/api/packages/20924?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2chz-36wn-9fcv"},{"vulnerability":"VCID-2rjv-1thm-dugt"},{"vulnerability":"VCID-3yq7-n972-j7dh"},{"vulnerability":"VCID-4agy-6nsx-7ufh"},{"vulnerability":"VCID-579w-2k2v-efa2"},{"vulnerability":"VCID-6hrc-fm64-ckhf"},{"vulnerability":"VCID-74ab-1p1c-4qbd"},{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-7c97-nj5a-hqb8"},{"vulnerability":"VCID-7fgd-jnfe-gkhp"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-8bsh-bshc-vkgq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-at5c-f8p8-67fh"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-bgbt-j1n9-6yg5"},{"vulnerability":"VCID-cm62-bsdz-yye2"},{"vulnerability":"VCID-czjh-bpfk-3yh6"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-j5su-cnqd-6yad"},{"vulnerability":"VCID-mdde-pa5h-w7g4"},{"vulnerability":"VCID-p9xh-frm5-8ucp"},{"vulnerability":"VCID-sf53-bgb2-7ue2"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"},{"vulnerability":"VCID-vgp6-jxqt-pbf4"},{"vulnerability":"VCID-y4qu-21c9-6fav"},{"vulnerability":"VCID-y5uq-a6dx-3yd4"},{"vulnerability":"VCID-ygbu-vb2t-jqhx"},{"vulnerability":"VCID-zxww-8kb3-tufv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0116","GHSA-hmhq-382q-mp56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zb3c-gnyc-yug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54810?format=json","vulnerability_id":"VCID-zxww-8kb3-tufv","summary":"Improper Preservation of Permissions in Apache Struts\nAn access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0233","reference_id":"","reference_type":"","scores":[{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91975","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91924","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91932","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.9194","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91946","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91959","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91967","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91966","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91963","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91982","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91979","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91976","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.91981","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0233"},{"reference_url":"https://cwiki.apache.org/confluence/display/ww/s2-060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/ww/s2-060"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2982840","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.support.sap.com/#/notes/2982840"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0233","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0233"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869682","reference_id":"1869682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869682"},{"reference_url":"https://github.com/advisories/GHSA-ccp5-gg58-pxfm","reference_id":"GHSA-ccp5-gg58-pxfm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ccp5-gg58-pxfm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41963?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-87fh-rvvb-6ubq"},{"vulnerability":"VCID-95ts-vpk6-uubg"},{"vulnerability":"VCID-b7zy-qhz9-tuar"},{"vulnerability":"VCID-dk2f-14xj-9bf8"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-tgd1-s1yg-9fdt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2019-0233","GHSA-ccp5-gg58-pxfm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zxww-8kb3-tufv"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.8"}