{"url":"http://public2.vulnerablecode.io/api/packages/389500?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.23","type":"maven","namespace":"org.apache.struts","name":"struts2-core","version":"2.3.23","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.0.11.1","latest_non_vulnerable_version":"7.1.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30316?format=json","vulnerability_id":"VCID-5wx9-6ee5-xqg2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611","reference_id":"","reference_type":"","scores":[{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99929","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa"},{"reference_url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f"},{"reference_url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"},{"reference_url":"https://struts.apache.org/docs/s2-053.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-053.html"},{"reference_url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"},{"reference_url":"http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478","reference_id":"1489478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478"},{"reference_url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611","reference_id":"CVE-2017-12611","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611"},{"reference_url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm","reference_id":"GHSA-8fx9-5hx8-crhm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13816?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x5xf-1xja-g3h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34"},{"url":"http://public2.vulnerablecode.io/api/packages/13813?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/13819?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-aep9-2qge-vuen"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12"}],"aliases":["CVE-2017-12611","GHSA-8fx9-5hx8-crhm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wx9-6ee5-xqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30282?format=json","vulnerability_id":"VCID-aep9-2qge-vuen","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9804","reference_id":"","reference_type":"","scores":[{"value":"0.04618","scoring_system":"epss","scoring_elements":"0.89503","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9804"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/3fddfb6eb562d597c935084e9e81d43ed6bcd02"},{"reference_url":"https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/418a20c0594f23764fe29ced400c1219239899a"},{"reference_url":"https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/744c1f409d983641af3e8e3b573c2f2d2c2c6d9"},{"reference_url":"https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8a04e80f01350c90f053d71366d5e0c2186fded"},{"reference_url":"https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/9d47af6ffa355977b5acc713e6d1f25fac260a2"},{"reference_url":"https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/a05259ed69a5a48379aa91650e4cd1cb4bd6e5a"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0001","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0001/"},{"reference_url":"https://struts.apache.org/docs/s2-050.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-050.html"},{"reference_url":"https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20171113165852/http://www.securityfocus.com/bid/100612"},{"reference_url":"https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201021075553/http://www.securitytracker.com/id/1039261"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"},{"reference_url":"http://www.securityfocus.com/bid/100612","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100612"},{"reference_url":"http://www.securitytracker.com/id/1039261","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039261"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488491","reference_id":"1488491","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488491"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9804","reference_id":"CVE-2017-9804","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9804"},{"reference_url":"https://github.com/advisories/GHSA-x5x7-3v85-wpc4","reference_id":"GHSA-x5x7-3v85-wpc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x5x7-3v85-wpc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388596?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-ucby-p8k5-nkam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24"},{"url":"http://public2.vulnerablecode.io/api/packages/13816?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-x5xf-1xja-g3h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34"},{"url":"http://public2.vulnerablecode.io/api/packages/13824?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.13"}],"aliases":["CVE-2017-9804","GHSA-x5x7-3v85-wpc4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aep9-2qge-vuen"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.23"}