{"url":"http://public2.vulnerablecode.io/api/packages/397448?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.0.5","type":"maven","namespace":"org.apache.struts","name":"struts2-core","version":"2.0.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.8.0","latest_non_vulnerable_version":"7.1.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30221?format=json","vulnerability_id":"VCID-1e58-4y53-muef","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2135","reference_id":"","reference_type":"","scores":[{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99276","published_at":"2026-06-11T12:55:00Z"},{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99277","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2135"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-015","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-015"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0"},{"reference_url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f"},{"reference_url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3"},{"reference_url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4090","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4090"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4094","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4094"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4095","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4095"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2135","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2135"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-015.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-015.html"},{"reference_url":"http://struts.apache.org/docs/s2-015.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-015.html"},{"reference_url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"},{"reference_url":"https://github.com/advisories/GHSA-pw8r-x2qm-3h5m","reference_id":"GHSA-pw8r-x2qm-3h5m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pw8r-x2qm-3h5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384574?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-2135","GHSA-pw8r-x2qm-3h5m"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1e58-4y53-muef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30304?format=json","vulnerability_id":"VCID-1ujm-nqz8-c3cs","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1966","reference_id":"","reference_type":"","scores":[{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99661","published_at":"2026-06-11T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99662","published_at":"2026-06-12T12:55:00Z"},{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.99663","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-013","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-013"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1966","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1966"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-013.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-013.html"},{"reference_url":"http://struts.apache.org/docs/s2-013.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-013.html"},{"reference_url":"http://struts.apache.org/docs/s2-014.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-014.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb","reference_id":"CVE-2013-2115;OSVDB-93645;CVE-2013-1966","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb"},{"reference_url":"https://github.com/advisories/GHSA-737w-mh58-cxjp","reference_id":"GHSA-737w-mh58-cxjp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-737w-mh58-cxjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21594?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2"}],"aliases":["CVE-2013-1966","GHSA-737w-mh58-cxjp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ujm-nqz8-c3cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/308642?format=json","vulnerability_id":"VCID-1vm1-djr2-hqa9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0233","reference_id":"","reference_type":"","scores":[{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.92177","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.92182","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.92183","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.9215","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0233"},{"reference_url":"https://cwiki.apache.org/confluence/display/ww/s2-060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/ww/s2-060"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2982840","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.support.sap.com/#/notes/2982840"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0233","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0233"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869682","reference_id":"1869682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869682"},{"reference_url":"https://github.com/advisories/GHSA-ccp5-gg58-pxfm","reference_id":"GHSA-ccp5-gg58-pxfm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ccp5-gg58-pxfm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18162?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2019-0233","GHSA-ccp5-gg58-pxfm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vm1-djr2-hqa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/748?format=json","vulnerability_id":"VCID-51hz-ptkt-9kde","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0785","reference_id":"","reference_type":"","scores":[{"value":"0.13414","scoring_system":"epss","scoring_elements":"0.94373","published_at":"2026-06-12T12:55:00Z"},{"value":"0.13414","scoring_system":"epss","scoring_elements":"0.94354","published_at":"2026-06-11T12:55:00Z"},{"value":"0.13414","scoring_system":"epss","scoring_elements":"0.94379","published_at":"2026-06-14T12:55:00Z"},{"value":"0.13414","scoring_system":"epss","scoring_elements":"0.94377","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0785","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0785"},{"reference_url":"http://struts.apache.org/docs/s2-029.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-029.html"},{"reference_url":"https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066"},{"reference_url":"https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326720","reference_id":"1326720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326720"},{"reference_url":"https://github.com/advisories/GHSA-876p-4wgc-75rx","reference_id":"GHSA-876p-4wgc-75rx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-876p-4wgc-75rx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384683?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/384684?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/384617?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-0785","GHSA-876p-4wgc-75rx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-51hz-ptkt-9kde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30311?format=json","vulnerability_id":"VCID-5hca-2z7m-mbb2","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4387","reference_id":"","reference_type":"","scores":[{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92226","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92253","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92258","published_at":"2026-06-13T12:55:00Z"},{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92257","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4387"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78183"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9"},{"reference_url":"https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3860","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3860"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4387","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4387"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-011.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-011.html"},{"reference_url":"http://struts.apache.org/docs/s2-011.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-011.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/5"},{"reference_url":"https://github.com/advisories/GHSA-hrgc-54mv-58gv","reference_id":"GHSA-hrgc-54mv-58gv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hrgc-54mv-58gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384469?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1"}],"aliases":["CVE-2012-4387","GHSA-hrgc-54mv-58gv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hca-2z7m-mbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30634?format=json","vulnerability_id":"VCID-5hw1-m7yk-tbcg","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045"},{"reference_url":"http://jvn.jp/en/jp/JVN19294237/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19294237/index.html"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0910","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0910"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0112","reference_id":"","reference_type":"","scores":[{"value":"0.91467","scoring_system":"epss","scoring_elements":"0.99684","published_at":"2026-06-14T12:55:00Z"},{"value":"0.91467","scoring_system":"epss","scoring_elements":"0.99683","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0112"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-021","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-021"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0112","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0112"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091939","reference_id":"1091939","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091939"},{"reference_url":"https://github.com/advisories/GHSA-prjv-jj26-wf8h","reference_id":"GHSA-prjv-jj26-wf8h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-prjv-jj26-wf8h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386240?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/384794?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y2p9-ptgf-n3gp"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0112","GHSA-prjv-jj26-wf8h"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hw1-m7yk-tbcg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30316?format=json","vulnerability_id":"VCID-5wx9-6ee5-xqg2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611","reference_id":"","reference_type":"","scores":[{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99929","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa"},{"reference_url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f"},{"reference_url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"},{"reference_url":"https://struts.apache.org/docs/s2-053.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-053.html"},{"reference_url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"},{"reference_url":"http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478","reference_id":"1489478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478"},{"reference_url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611","reference_id":"CVE-2017-12611","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611"},{"reference_url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm","reference_id":"GHSA-8fx9-5hx8-crhm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384683?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/13816?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34"},{"url":"http://public2.vulnerablecode.io/api/packages/13812?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gff5-qugq-zbf1"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/13813?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/13819?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12"}],"aliases":["CVE-2017-12611","GHSA-8fx9-5hx8-crhm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wx9-6ee5-xqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/260258?format=json","vulnerability_id":"VCID-68qk-857f-hubx","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000106"},{"reference_url":"http://jvn.jp/en/jp/JVN25435092/index.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN25435092/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1772.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1772","reference_id":"","reference_type":"","scores":[{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98274","published_at":"2026-06-11T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.9828","published_at":"2026-06-12T12:55:00Z"},{"value":"0.59227","scoring_system":"epss","scoring_elements":"0.98281","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1772"},{"reference_url":"http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3579","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3579"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1772","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-1772"},{"reference_url":"http://struts.apache.org/2.2.3/docs/version-notes-223.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.2.3/docs/version-notes-223.html"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-006.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-006.html"},{"reference_url":"http://struts.apache.org/docs/s2-006.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-006.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=723827","reference_id":"723827","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=723827"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt","reference_id":"CVE-2011-1772;OSVDB-72238","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/35735.txt"},{"reference_url":"https://www.securityfocus.com/bid/47784/info","reference_id":"CVE-2011-1772;OSVDB-72238","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/47784/info"},{"reference_url":"https://github.com/advisories/GHSA-56f8-g68r-j699","reference_id":"GHSA-56f8-g68r-j699","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-56f8-g68r-j699"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385483?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-7k4z-qm87-suhd"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-gp75-qf1z-dkhk"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ugkf-fxza-aua3"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-vtv8-72mw-8ycu"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3"}],"aliases":["CVE-2011-1772","GHSA-56f8-g68r-j699"],"risk_score":5.4,"exploitability":"2.0","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68qk-857f-hubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30361?format=json","vulnerability_id":"VCID-69jq-8s8p-hbgj","summary":"","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4316","reference_id":"","reference_type":"","scores":[{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.91067","published_at":"2026-06-14T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.91062","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.91068","published_at":"2026-06-13T12:55:00Z"},{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.91031","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4316"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1"},{"reference_url":"https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4316","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4316"},{"reference_url":"http://struts.apache.org/docs/s2-019.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-019.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-019.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-019.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013036","reference_id":"1013036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013036"},{"reference_url":"https://github.com/advisories/GHSA-j7h6-xr7g-m2c5","reference_id":"GHSA-j7h6-xr7g-m2c5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j7h6-xr7g-m2c5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385241?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2"}],"aliases":["CVE-2013-4316","GHSA-j7h6-xr7g-m2c5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69jq-8s8p-hbgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279807?format=json","vulnerability_id":"VCID-6tbd-rs7c-mydf","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"},{"reference_url":"http://jvn.jp/en/jp/JVN95989300/index.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN95989300/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5169","reference_id":"","reference_type":"","scores":[{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.79297","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.79362","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.79375","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.79371","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5169"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5169","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5169"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0003/"},{"reference_url":"https://struts.apache.org/docs/s2-025.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-025.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260087","reference_id":"1260087","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260087"},{"reference_url":"https://github.com/advisories/GHSA-vwhv-j36g-5rm8","reference_id":"GHSA-vwhv-j36g-5rm8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vwhv-j36g-5rm8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384794?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y2p9-ptgf-n3gp"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2015-5169","GHSA-vwhv-j36g-5rm8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6tbd-rs7c-mydf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30658?format=json","vulnerability_id":"VCID-7k4z-qm87-suhd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0393.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0393","reference_id":"","reference_type":"","scores":[{"value":"0.73632","scoring_system":"epss","scoring_elements":"0.98829","published_at":"2026-06-11T12:55:00Z"},{"value":"0.73632","scoring_system":"epss","scoring_elements":"0.98836","published_at":"2026-06-14T12:55:00Z"},{"value":"0.73632","scoring_system":"epss","scoring_elements":"0.98835","published_at":"2026-06-13T12:55:00Z"},{"value":"0.73632","scoring_system":"epss","scoring_elements":"0.98833","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0393"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/9cad25f258bb2629d263f828574d2671366c238d"},{"reference_url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=773164","reference_id":"773164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=773164"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0393","reference_id":"CVE-2012-0393","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0393"},{"reference_url":"https://github.com/advisories/GHSA-hxqq-w4mr-mc62","reference_id":"GHSA-hxqq-w4mr-mc62","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxqq-w4mr-mc62"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20748?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/20747?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.1"}],"aliases":["CVE-2012-0393","GHSA-hxqq-w4mr-mc62"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7k4z-qm87-suhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93394?format=json","vulnerability_id":"VCID-87pg-kwux-b3fd","summary":"Missing XML Validation vulnerability in Apache Struts, Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07839","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07826","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07832","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07802","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/01/11/2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/01/11/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559","reference_id":"2428559","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493","reference_id":"CVE-2025-68493","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493"},{"reference_url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7","reference_id":"GHSA-qcfc-hmrc-59x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-069","reference_id":"S2-069","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-069"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/422148?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/37590?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1"}],"aliases":["CVE-2025-68493","GHSA-qcfc-hmrc-59x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87pg-kwux-b3fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/269793?format=json","vulnerability_id":"VCID-97ee-jfwc-uyh8","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86349","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.864","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.8641","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86409","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6348"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Oct/244","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2013/Oct/244"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4213","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4213"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6348"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2013-6348"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1533354","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1533354"},{"reference_url":"https://ubuntu.com/security/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/security/CVE-2013-6348"},{"reference_url":"https://github.com/advisories/GHSA-3g8j-jj54-3vjg","reference_id":"GHSA-3g8j-jj54-3vjg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3g8j-jj54-3vjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/385330?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16"}],"aliases":["CVE-2013-6348","GHSA-3g8j-jj54-3vjg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97ee-jfwc-uyh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208875?format=json","vulnerability_id":"VCID-9ju6-1p9c-r7fs","summary":"Struts ParameterInterceptor vulnerability allows remote command execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3923","reference_id":"","reference_type":"","scores":[{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99658","published_at":"2026-06-11T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.9966","published_at":"2026-06-14T12:55:00Z"},{"value":"0.91054","scoring_system":"epss","scoring_elements":"0.99661","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3923"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3923"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/72585"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-009.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-009.html"},{"reference_url":"http://struts.apache.org/docs/s2-009.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-009.html"},{"reference_url":"https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140725074137/http://seclists.org/fulldisclosure/2014/Jul/38"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3923","reference_id":"CVE-2011-3923","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3923"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2011-3923","reference_id":"CVE-2011-3923","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2011-3923"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb","reference_id":"CVE-2011-3923;OSVDB-78501","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24874.rb"},{"reference_url":"http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html","reference_id":"CVE-2011-3923-YET-ANOTHER-STRUTS2.HTML","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html"},{"reference_url":"https://github.com/advisories/GHSA-j68f-8h6p-9h5q","reference_id":"GHSA-j68f-8h6p-9h5q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j68f-8h6p-9h5q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20203?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.1.2"}],"aliases":["CVE-2011-3923","GHSA-j68f-8h6p-9h5q"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ju6-1p9c-r7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357896?format=json","vulnerability_id":"VCID-9jvr-uexp-53dg","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50164","reference_id":"","reference_type":"","scores":[{"value":"0.93657","scoring_system":"epss","scoring_elements":"0.99852","published_at":"2026-06-11T12:55:00Z"},{"value":"0.93657","scoring_system":"epss","scoring_elements":"0.99853","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50164"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-066","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-066"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163"},{"reference_url":"https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6"},{"reference_url":"https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50164","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50164"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0010","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231214-0010"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/07/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/12/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/07/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/07/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253938","reference_id":"2253938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253938"},{"reference_url":"https://github.com/advisories/GHSA-2j39-qcjm-428w","reference_id":"GHSA-2j39-qcjm-428w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j39-qcjm-428w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35594?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-8a7z-r9ax-t3hd"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33"},{"url":"http://public2.vulnerablecode.io/api/packages/380227?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2"}],"aliases":["CVE-2023-50164","GHSA-2j39-qcjm-428w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jvr-uexp-53dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30394?format=json","vulnerability_id":"VCID-aje2-97ey-pqba","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2251","reference_id":"","reference_type":"","scores":[{"value":"0.94325","scoring_system":"epss","scoring_elements":"0.99955","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2251"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6"},{"reference_url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4140","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4140"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251"},{"reference_url":"http://www.securitytracker.com/id/1029184","reference_id":"1029184","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securitytracker.com/id/1029184"},{"reference_url":"http://www.securitytracker.com/id/1032916","reference_id":"1032916","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securitytracker.com/id/1032916"},{"reference_url":"http://www.securityfocus.com/bid/61189","reference_id":"61189","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securityfocus.com/bid/61189"},{"reference_url":"http://www.securityfocus.com/bid/64758","reference_id":"64758","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securityfocus.com/bid/64758"},{"reference_url":"http://seclists.org/oss-sec/2014/q1/89","reference_id":"89","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://seclists.org/oss-sec/2014/q1/89"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392","reference_id":"90392","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Oct/96","reference_id":"96","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://seclists.org/fulldisclosure/2013/Oct/96"},{"reference_url":"http://osvdb.org/98445","reference_id":"98445","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://osvdb.org/98445"},{"reference_url":"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html","reference_id":"Apache-Struts-2-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html"},{"reference_url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2","reference_id":"cisco-sa-20131023-struts2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"cpujan2014-1972949.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"cpujul2015-2367936.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt","reference_id":"CVE-2013-2251","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2251","reference_id":"CVE-2013-2251","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2251"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb","reference_id":"CVE-2013-2251;OSVDB-95405","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb"},{"reference_url":"https://github.com/advisories/GHSA-47qp-8v9g-39hp","reference_id":"GHSA-47qp-8v9g-39hp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47qp-8v9g-39hp"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html","reference_id":"interstage-bpm-analytics-201301e.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-016.html","reference_id":"s2-016.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-016.html"},{"reference_url":"http://archiva.apache.org/security.html","reference_id":"security.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://archiva.apache.org/security.html"},{"reference_url":"http://cxsecurity.com/issue/WLB-2014010087","reference_id":"WLB-2014010087","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://cxsecurity.com/issue/WLB-2014010087"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21501?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1"}],"aliases":["CVE-2013-2251","GHSA-47qp-8v9g-39hp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aje2-97ey-pqba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206745?format=json","vulnerability_id":"VCID-ay7y-pcs2-b7dg","summary":"Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts","references":[{"reference_url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0230","reference_id":"","reference_type":"","scores":[{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99876","published_at":"2026-06-13T12:55:00Z"},{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99877","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0230"},{"reference_url":"https://cwiki.apache.org/confluence/display/ww/s2-059","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/ww/s2-059"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2982840","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.support.sap.com/#/notes/2982840"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869672","reference_id":"1869672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869672"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py","reference_id":"CVE-2019-0230","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230","reference_id":"CVE-2019-0230","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230"},{"reference_url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727","reference_id":"GHSA-wp4h-pvgw-5727","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18162?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2019-0230","GHSA-wp4h-pvgw-5727"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ay7y-pcs2-b7dg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21675?format=json","vulnerability_id":"VCID-b1er-88f7-zkan","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"0.93161","scoring_system":"epss","scoring_elements":"0.99806","published_at":"2026-06-12T12:55:00Z"},{"value":"0.93161","scoring_system":"epss","scoring_elements":"0.99807","published_at":"2026-06-14T12:55:00Z"},{"value":"0.93188","scoring_system":"epss","scoring_elements":"0.99808","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53677"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854"},{"reference_url":"https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78"},{"reference_url":"https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53677"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250103-0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250103-0005"},{"reference_url":"https://struts.apache.org/core-developers/file-upload","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/core-developers/file-upload"},{"reference_url":"https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331686","reference_id":"2331686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331686"},{"reference_url":"https://github.com/advisories/GHSA-43mq-6xmg-29vm","reference_id":"GHSA-43mq-6xmg-29vm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-43mq-6xmg-29vm"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-067","reference_id":"S2-067","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-067"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372433?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-p8eh-fdqf-jqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0"}],"aliases":["CVE-2024-53677","GHSA-43mq-6xmg-29vm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1er-88f7-zkan"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30390?format=json","vulnerability_id":"VCID-b469-9q7g-kkdm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2115","reference_id":"","reference_type":"","scores":[{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99485","published_at":"2026-06-11T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99487","published_at":"2026-06-14T12:55:00Z"},{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.99486","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-013"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-014","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-014"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650"},{"reference_url":"https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d"},{"reference_url":"https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6"},{"reference_url":"https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4063","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4063"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-014.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-014.html"},{"reference_url":"http://struts.apache.org/docs/s2-014.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-014.html"},{"reference_url":"https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2115","reference_id":"CVE-2013-2115","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2115"},{"reference_url":"https://github.com/advisories/GHSA-7ghm-rpc7-p7g5","reference_id":"GHSA-7ghm-rpc7-p7g5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ghm-rpc7-p7g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21594?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2"}],"aliases":["CVE-2013-2115","GHSA-7ghm-rpc7-p7g5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b469-9q7g-kkdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30609?format=json","vulnerability_id":"VCID-e1us-p1ub-27gf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3082","reference_id":"","reference_type":"","scores":[{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96253","published_at":"2026-06-11T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96264","published_at":"2026-06-12T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96266","published_at":"2026-06-13T12:55:00Z"},{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96269","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3082"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3082","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3082"},{"reference_url":"http://struts.apache.org/docs/s2-031.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-031.html"},{"reference_url":"https://github.com/advisories/GHSA-pvm9-288c-v5wq","reference_id":"GHSA-pvm9-288c-v5wq","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pvm9-288c-v5wq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384683?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/384684?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/384685?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1"}],"aliases":["CVE-2016-3082","GHSA-pvm9-288c-v5wq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1us-p1ub-27gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250520?format=json","vulnerability_id":"VCID-eqjg-rpr2-vqhb","summary":"","references":[{"reference_url":"http://issues.apache.org/struts/browse/WW-2779","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://issues.apache.org/struts/browse/WW-2779"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6505","reference_id":"","reference_type":"","scores":[{"value":"0.83102","scoring_system":"epss","scoring_elements":"0.9928","published_at":"2026-06-11T12:55:00Z"},{"value":"0.83102","scoring_system":"epss","scoring_elements":"0.99282","published_at":"2026-06-13T12:55:00Z"},{"value":"0.83102","scoring_system":"epss","scoring_elements":"0.99281","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6505"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/04fcefa44bae1263c7cad6986a9dafed67f0164f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/04fcefa44bae1263c7cad6986a9dafed67f0164f"},{"reference_url":"https://github.com/apache/struts/commit/1f1c996eb1f0f3e2193fba0075f62ccd04e3c0c3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1f1c996eb1f0f3e2193fba0075f62ccd04e3c0c3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-6505","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-6505"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-004.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-004.html"},{"reference_url":"https://web.archive.org/web/20081208214512/http://secunia.com/advisories/32497","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20081208214512/http://secunia.com/advisories/32497"},{"reference_url":"https://web.archive.org/web/20111025094319/http://www.securityfocus.com/bid/32104","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111025094319/http://www.securityfocus.com/bid/32104"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32565.txt","reference_id":"CVE-2008-6505;OSVDB-49734","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/32565.txt"},{"reference_url":"https://www.securityfocus.com/bid/32104/info","reference_id":"CVE-2008-6505;OSVDB-49734","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/32104/info"},{"reference_url":"https://github.com/advisories/GHSA-wv7g-xhvw-8hcp","reference_id":"GHSA-wv7g-xhvw-8hcp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wv7g-xhvw-8hcp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386145?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-68qk-857f-hubx"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-7k4z-qm87-suhd"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-gp75-qf1z-dkhk"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-su1m-grr8-e7bs"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ugkf-fxza-aua3"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-vtv8-72mw-8ycu"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/386146?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/388589?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-68qk-857f-hubx"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-7k4z-qm87-suhd"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-gp75-qf1z-dkhk"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-su1m-grr8-e7bs"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ugkf-fxza-aua3"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-vtv8-72mw-8ycu"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.6"}],"aliases":["CVE-2008-6505","GHSA-wv7g-xhvw-8hcp"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eqjg-rpr2-vqhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30441?format=json","vulnerability_id":"VCID-gdqp-6qxq-fkfb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0113","reference_id":"","reference_type":"","scores":[{"value":"0.82224","scoring_system":"epss","scoring_elements":"0.99242","published_at":"2026-06-11T12:55:00Z"},{"value":"0.82224","scoring_system":"epss","scoring_elements":"0.99245","published_at":"2026-06-13T12:55:00Z"},{"value":"0.82224","scoring_system":"epss","scoring_elements":"0.99244","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0113"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-021","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-021"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0113","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0113"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092201","reference_id":"1092201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092201"},{"reference_url":"https://github.com/advisories/GHSA-3c5c-xrq4-qhr8","reference_id":"GHSA-3c5c-xrq4-qhr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3c5c-xrq4-qhr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386240?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/384794?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y2p9-ptgf-n3gp"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0113","GHSA-3c5c-xrq4-qhr8"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdqp-6qxq-fkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30608?format=json","vulnerability_id":"VCID-gp75-qf1z-dkhk","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2012-000012"},{"reference_url":"http://jvn.jp/en/jp/JVN79099262/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN79099262/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0838.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0838","reference_id":"","reference_type":"","scores":[{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93662","published_at":"2026-06-14T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93656","published_at":"2026-06-12T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.9366","published_at":"2026-06-13T12:55:00Z"},{"value":"0.11109","scoring_system":"epss","scoring_elements":"0.93636","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0838"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b"},{"reference_url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0838","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0838"},{"reference_url":"http://struts.apache.org/2.3.1.2/docs/s2-007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.3.1.2/docs/s2-007.html"},{"reference_url":"http://struts.apache.org/docs/s2-007.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-007.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=799980","reference_id":"799980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=799980"},{"reference_url":"https://github.com/advisories/GHSA-mwrx-hx6x-3hhv","reference_id":"GHSA-mwrx-hx6x-3hhv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwrx-hx6x-3hhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20748?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"}],"aliases":["CVE-2012-0838","GHSA-mwrx-hx6x-3hhv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gp75-qf1z-dkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8003?format=json","vulnerability_id":"VCID-h325-fgpc-1yfe","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17530","reference_id":"","reference_type":"","scores":[{"value":"0.94373","scoring_system":"epss","scoring_elements":"0.99967","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17530"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210115-0005"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905645","reference_id":"1905645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905645"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/12/6","reference_id":"6","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/04/12/6"},{"reference_url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html","reference_id":"Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"cpuApr2021.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"cpuapr2022.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"cpujan2021.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"cpujan2022.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"cpujul2021.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"cpuoct2021.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17530","reference_id":"CVE-2020-17530","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17530"},{"reference_url":"https://github.com/advisories/GHSA-jc35-q369-45pv","reference_id":"GHSA-jc35-q369-45pv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc35-q369-45pv"},{"reference_url":"http://jvn.jp/en/jp/JVN43969166/index.html","reference_id":"index.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://jvn.jp/en/jp/JVN43969166/index.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0005/","reference_id":"ntap-20210115-0005","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210115-0005/"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-061","reference_id":"S2-061","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-061"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19117?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26"}],"aliases":["CVE-2020-17530","GHSA-jc35-q369-45pv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h325-fgpc-1yfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30520?format=json","vulnerability_id":"VCID-hj23-vf24-ybbp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0116","reference_id":"","reference_type":"","scores":[{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86497","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86548","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86558","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86556","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0116"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0116","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0116"},{"reference_url":"http://struts.apache.org/docs/s2-022.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-022.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-022.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-022.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1094558","reference_id":"1094558","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1094558"},{"reference_url":"https://github.com/advisories/GHSA-hmhq-382q-mp56","reference_id":"GHSA-hmhq-382q-mp56","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hmhq-382q-mp56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/388163?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3"},{"url":"http://public2.vulnerablecode.io/api/packages/384794?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y2p9-ptgf-n3gp"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0116","GHSA-hmhq-382q-mp56"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj23-vf24-ybbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30714?format=json","vulnerability_id":"VCID-j6qg-af9t-qqf7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4310","reference_id":"","reference_type":"","scores":[{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.9268","published_at":"2026-06-11T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92706","published_at":"2026-06-12T12:55:00Z"},{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92708","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4310"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4310","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4310"},{"reference_url":"http://struts.apache.org/docs/s2-018.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-018.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-018.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-018.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013030","reference_id":"1013030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013030"},{"reference_url":"https://github.com/advisories/GHSA-q5q8-jghf-3pm3","reference_id":"GHSA-q5q8-jghf-3pm3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q5q8-jghf-3pm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386136?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3"}],"aliases":["CVE-2013-4310","GHSA-q5q8-jghf-3pm3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qg-af9t-qqf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/141833?format=json","vulnerability_id":"VCID-jhu6-h2af-jkdh","summary":"Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34149","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20779","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20953","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20975","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20955","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34149"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34149","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34149"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/06/14/2","reference_id":"2","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/06/14/2"},{"reference_url":"https://github.com/advisories/GHSA-8f6x-v685-g2xc","reference_id":"GHSA-8f6x-v685-g2xc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f6x-v685-g2xc"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005/","reference_id":"ntap-20230706-0005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005/"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-063","reference_id":"S2-063","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381852?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31"},{"url":"http://public2.vulnerablecode.io/api/packages/381853?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1"}],"aliases":["CVE-2023-34149","GHSA-8f6x-v685-g2xc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhu6-h2af-jkdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30246?format=json","vulnerability_id":"VCID-k8sn-7uy6-23a1","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2248","reference_id":"","reference_type":"","scores":[{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99715","published_at":"2026-06-14T12:55:00Z"},{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99714","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2248"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6"},{"reference_url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4140","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4140"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2248"},{"reference_url":"http://struts.apache.org/docs/s2-017.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-017.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-017.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt","reference_id":"CVE-2013-2248;OSVDB-95406","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt"},{"reference_url":"https://www.securityfocus.com/bid/61196/info","reference_id":"CVE-2013-2248;OSVDB-95406","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/61196/info"},{"reference_url":"https://github.com/advisories/GHSA-rpj9-r897-wc6q","reference_id":"GHSA-rpj9-r897-wc6q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rpj9-r897-wc6q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21501?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1"}],"aliases":["CVE-2013-2248","GHSA-rpj9-r897-wc6q"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8sn-7uy6-23a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1225?format=json","vulnerability_id":"VCID-n7pm-5abc-qub9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4003","reference_id":"","reference_type":"","scores":[{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.86068","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.86019","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.86073","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.86079","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4003"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc"},{"reference_url":"https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9"},{"reference_url":"https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e"},{"reference_url":"https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2"},{"reference_url":"https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4507","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4507"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4003"},{"reference_url":"http://struts.apache.org/docs/s2-028.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-028.html"},{"reference_url":"https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311"},{"reference_url":"https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268"},{"reference_url":"http://www.securityfocus.com/bid/86311","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/86311"},{"reference_url":"http://www.securitytracker.com/id/1035268","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035268"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326725","reference_id":"1326725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326725"},{"reference_url":"https://github.com/advisories/GHSA-m3x6-9v6h-4g28","reference_id":"GHSA-m3x6-9v6h-4g28","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m3x6-9v6h-4g28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384684?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/384617?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-4003","GHSA-m3x6-9v6h-4g28"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n7pm-5abc-qub9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94699?format=json","vulnerability_id":"VCID-p8eh-fdqf-jqf6","summary":"Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.\n\nIt's related to  https://cve.org/CVERecord?id=CVE-2025-64775  - this CVE addresses missing affected version 6.7.4","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66675","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42344","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42357","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42367","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.4218","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66675"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66675","reference_id":"CVE-2025-66675","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66675"},{"reference_url":"https://cve.org/CVERecord?id=CVE-2025-64775","reference_id":"CVERecord?id=CVE-2025-64775","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/"}],"url":"https://cve.org/CVERecord?id=CVE-2025-64775"},{"reference_url":"https://github.com/advisories/GHSA-rg58-xhh7-mqjw","reference_id":"GHSA-rg58-xhh7-mqjw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg58-xhh7-mqjw"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-068","reference_id":"S2-068","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-068"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35597?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/35589?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@7.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1"}],"aliases":["CVE-2025-66675","GHSA-rg58-xhh7-mqjw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8eh-fdqf-jqf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30665?format=json","vulnerability_id":"VCID-q9bm-u4q3-xke1","summary":"","references":[{"reference_url":"http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html","reference_id":"","reference_type":"","scores":[],"url":"http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html"},{"reference_url":"http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7809","reference_id":"","reference_type":"","scores":[{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.92012","published_at":"2026-06-11T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.92039","published_at":"2026-06-12T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.92046","published_at":"2026-06-13T12:55:00Z"},{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.92043","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7809"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7809","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7809"},{"reference_url":"http://struts.apache.org/docs/s2-023.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-023.html"},{"reference_url":"https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309"},{"reference_url":"https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548"},{"reference_url":"https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172133","reference_id":"1172133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172133"},{"reference_url":"https://github.com/advisories/GHSA-h4v9-jf2r-9h6m","reference_id":"GHSA-h4v9-jf2r-9h6m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4v9-jf2r-9h6m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384794?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y2p9-ptgf-n3gp"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-7809","GHSA-h4v9-jf2r-9h6m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9bm-u4q3-xke1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/141932?format=json","vulnerability_id":"VCID-qjyc-btmm-hbhd","summary":"Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34396","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3096","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31154","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31171","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31156","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34396"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34396","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34396"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/06/14/3","reference_id":"3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/06/14/3"},{"reference_url":"https://github.com/advisories/GHSA-4g42-gqrg-4633","reference_id":"GHSA-4g42-gqrg-4633","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g42-gqrg-4633"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005/","reference_id":"ntap-20230706-0005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005/"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-064","reference_id":"S2-064","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-064"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/381852?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31"},{"url":"http://public2.vulnerablecode.io/api/packages/381853?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1"}],"aliases":["CVE-2023-34396","GHSA-4g42-gqrg-4633"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjyc-btmm-hbhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30592?format=json","vulnerability_id":"VCID-r25b-7ec8-d7dt","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3093","reference_id":"","reference_type":"","scores":[{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.90004","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.90035","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.90043","published_at":"2026-06-13T12:55:00Z"},{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.90041","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3093"},{"reference_url":"https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92"},{"reference_url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3093","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3093"},{"reference_url":"https://struts.apache.org/docs/s2-034.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-034.html"},{"reference_url":"http://struts.apache.org/docs/s2-034.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-034.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854"},{"reference_url":"http://www.securityfocus.com/bid/90961","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/90961"},{"reference_url":"http://www.securitytracker.com/id/1036018","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036018"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341677","reference_id":"1341677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341677"},{"reference_url":"https://github.com/advisories/GHSA-383p-xqxx-rrmp","reference_id":"GHSA-383p-xqxx-rrmp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-383p-xqxx-rrmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384684?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"}],"aliases":["CVE-2016-3093","GHSA-383p-xqxx-rrmp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r25b-7ec8-d7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30261?format=json","vulnerability_id":"VCID-ru1n-fg1x-jfa7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1965","reference_id":"","reference_type":"","scores":[{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99703","published_at":"2026-06-14T12:55:00Z"},{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99704","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1965"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1965","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1965"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-012.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-012.html"},{"reference_url":"http://struts.apache.org/docs/s2-012.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-012.html"},{"reference_url":"https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082"},{"reference_url":"http://www.securityfocus.com/bid/60082","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967655","reference_id":"967655","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967655"},{"reference_url":"https://github.com/advisories/GHSA-whmq-v94q-34p9","reference_id":"GHSA-whmq-v94q-34p9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-whmq-v94q-34p9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384574?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-1965","GHSA-whmq-v94q-34p9"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ru1n-fg1x-jfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208978?format=json","vulnerability_id":"VCID-sekw-zx84-dufe","summary":"Unrestricted Upload of File with Dangerous Type in Apache Struts2","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1592","reference_id":"","reference_type":"","scores":[{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69616","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69717","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69719","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69707","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76"},{"reference_url":"https://issues.apache.org/jira/browse/WW-5055","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-5055"},{"reference_url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://seclists.org/bugtraq/2012/Mar/110","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2012/Mar/110"},{"reference_url":"https://struts.apache.org/security/#internal-security-mechanism","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/security/#internal-security-mechanism"},{"reference_url":"https://www.openwall.com/lists/oss-security/2012/03/28/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2012/03/28/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/28/12","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/03/28/12"},{"reference_url":"https://access.redhat.com/security/cve/cve-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2012-1592"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2012-1592"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml","reference_id":"CVE-2012-1592;OSVDB-80547","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml"},{"reference_url":"https://www.securityfocus.com/bid/52702/info","reference_id":"CVE-2012-1592;OSVDB-80547","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/52702/info"},{"reference_url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf","reference_id":"GHSA-8m5q-crqq-6pmf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18162?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2012-1592","GHSA-8m5q-crqq-6pmf"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sekw-zx84-dufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209643?format=json","vulnerability_id":"VCID-su1m-grr8-e7bs","summary":"Server side object manipulation in Apache Struts","references":[{"reference_url":"http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16"},{"reference_url":"http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/159643/LISTSERV-Maestro-9.0-8-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1870","reference_id":"","reference_type":"","scores":[{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99753","published_at":"2026-06-14T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99751","published_at":"2026-06-11T12:55:00Z"},{"value":"0.92533","scoring_system":"epss","scoring_elements":"0.99752","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-1870"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-003","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-003"},{"reference_url":"http://seclists.org/fulldisclosure/2010/Jul/183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2010/Jul/183"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Oct/23","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2020/Oct/23"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"http://struts.apache.org/2.2.1/docs/s2-005.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.2.1/docs/s2-005.html"},{"reference_url":"http://struts.apache.org/docs/s2-005.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-005.html"},{"reference_url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140709-struts2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1123727","reference_id":"1123727","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1123727"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1870","reference_id":"CVE-2010-1870","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1870"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt","reference_id":"CVE-2010-1870;OSVDB-66280","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/14360.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb","reference_id":"CVE-2010-1870;OSVDB-66280","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/17691.rb"},{"reference_url":"http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html","reference_id":"CVE-2010-1870-STRUTS2XWORK-REMOTE.HTML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html"},{"reference_url":"https://github.com/advisories/GHSA-x5fc-pgpx-59j5","reference_id":"GHSA-x5fc-pgpx-59j5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x5fc-pgpx-59j5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/21497?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-68qk-857f-hubx"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-7k4z-qm87-suhd"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-gp75-qf1z-dkhk"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ugkf-fxza-aua3"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-vtv8-72mw-8ycu"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.1"}],"aliases":["CVE-2010-1870","GHSA-x5fc-pgpx-59j5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-su1m-grr8-e7bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/278581?format=json","vulnerability_id":"VCID-u9gb-z5t8-ayga","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html"},{"reference_url":"http://jvn.jp/en/jp/JVN88408929/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN88408929/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2992","reference_id":"","reference_type":"","scores":[{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77407","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.774","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77415","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.7733","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2992"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-025","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-025"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/Security","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/Security"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2992","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2992"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200330-0001","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200330-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200330-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20200330-0001/"},{"reference_url":"http://www.securityfocus.com/bid/76624","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260101","reference_id":"1260101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260101"},{"reference_url":"https://github.com/advisories/GHSA-265r-pp83-gww7","reference_id":"GHSA-265r-pp83-gww7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-265r-pp83-gww7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384794?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y2p9-ptgf-n3gp"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2015-2992","GHSA-265r-pp83-gww7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u9gb-z5t8-ayga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/279821?format=json","vulnerability_id":"VCID-ucby-p8k5-nkam","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5209","reference_id":"","reference_type":"","scores":[{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80585","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80646","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80658","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.8065","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5209"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5209","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5209"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0002"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0002/"},{"reference_url":"https://struts.apache.org/docs/s2-026.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-026.html"},{"reference_url":"https://github.com/advisories/GHSA-4qgj-9mvg-3929","reference_id":"GHSA-4qgj-9mvg-3929","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qgj-9mvg-3929"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384437?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1"}],"aliases":["CVE-2015-5209","GHSA-4qgj-9mvg-3929"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucby-p8k5-nkam"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30512?format=json","vulnerability_id":"VCID-ugkf-fxza-aua3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0391","reference_id":"","reference_type":"","scores":[{"value":"0.87528","scoring_system":"epss","scoring_elements":"0.99482","published_at":"2026-06-11T12:55:00Z"},{"value":"0.87528","scoring_system":"epss","scoring_elements":"0.99483","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0391"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/5f54b8d087f5125d96838aafa5f64c2190e6885b"},{"reference_url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/b4265d369dc29d57a9f2846a85b26598e83f3892"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2012-0391"},{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html","reference_id":"0031.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://archives.neohapsis.com/archives/bugtraq/2012-01/0031.html"},{"reference_url":"http://www.exploit-db.com/exploits/18329","reference_id":"18329","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://www.exploit-db.com/exploits/18329"},{"reference_url":"https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"http://secunia.com/advisories/47393","reference_id":"47393","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://secunia.com/advisories/47393"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=773159","reference_id":"773159","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=773159"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0391","reference_id":"CVE-2012-0391","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0391"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb","reference_id":"CVE-2012-0391;OSVDB-78277","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/18984.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt","reference_id":"CVE-2012-0394;CVE-2012-0393;CVE-2012-0392;CVE-2012-0391;OSVDB-78277;OSVDB-78276;OSVDB-78109;OSVDB-78108","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/18329.txt"},{"reference_url":"https://github.com/advisories/GHSA-4wrr-9h5r-m92w","reference_id":"GHSA-4wrr-9h5r-m92w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4wrr-9h5r-m92w"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-008.html","reference_id":"s2-008.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://struts.apache.org/2.x/docs/s2-008.html"},{"reference_url":"http://struts.apache.org/2.x/docs/version-notes-2311.html","reference_id":"version-notes-2311.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"http://struts.apache.org/2.x/docs/version-notes-2311.html"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3668","reference_id":"WW-3668","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-10T20:07:52Z/"}],"url":"https://issues.apache.org/jira/browse/WW-3668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20748?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"}],"aliases":["CVE-2012-0391","GHSA-4wrr-9h5r-m92w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ugkf-fxza-aua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/285537?format=json","vulnerability_id":"VCID-v9cg-jcev-hke6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4461","reference_id":"","reference_type":"","scores":[{"value":"0.01142","scoring_system":"epss","scoring_elements":"0.78847","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01142","scoring_system":"epss","scoring_elements":"0.78912","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01142","scoring_system":"epss","scoring_elements":"0.78929","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01142","scoring_system":"epss","scoring_elements":"0.78926","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4461"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4461","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4461"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0004"},{"reference_url":"https://struts.apache.org/docs/s2-036.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-036.html"},{"reference_url":"https://github.com/advisories/GHSA-864w-r5qj-h6fj","reference_id":"GHSA-864w-r5qj-h6fj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-864w-r5qj-h6fj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384581?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"}],"aliases":["CVE-2016-4461","GHSA-864w-r5qj-h6fj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9cg-jcev-hke6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30420?format=json","vulnerability_id":"VCID-vk5e-n6s3-y7hr","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4436","reference_id":"","reference_type":"","scores":[{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90652","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90682","published_at":"2026-06-12T12:55:00Z"},{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90689","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4436"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5"},{"reference_url":"https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4436","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4436"},{"reference_url":"https://struts.apache.org/docs/s2-035.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-035.html"},{"reference_url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280"},{"reference_url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348233","reference_id":"1348233","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348233"},{"reference_url":"https://github.com/advisories/GHSA-xm92-v2mq-842q","reference_id":"GHSA-xm92-v2mq-842q","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xm92-v2mq-842q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384581?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"},{"url":"http://public2.vulnerablecode.io/api/packages/386458?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gff5-qugq-zbf1"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-ygqc-kj8j-1ub3"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1"}],"aliases":["CVE-2016-4436","GHSA-xm92-v2mq-842q"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vk5e-n6s3-y7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30271?format=json","vulnerability_id":"VCID-vtv8-72mw-8ycu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0392.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0392","reference_id":"","reference_type":"","scores":[{"value":"0.90286","scoring_system":"epss","scoring_elements":"0.99615","published_at":"2026-06-11T12:55:00Z"},{"value":"0.90286","scoring_system":"epss","scoring_elements":"0.99617","published_at":"2026-06-14T12:55:00Z"},{"value":"0.90286","scoring_system":"epss","scoring_elements":"0.99616","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0392"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/25e50069d60434a30395e3a98357ffba2bed427e"},{"reference_url":"https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/34c80dae734e70f13c0e46f9c83602fb71318e58"},{"reference_url":"https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html"},{"reference_url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120612142634/https://sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393"},{"reference_url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20140723153720/http://secunia.com/advisories/47393/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=773162","reference_id":"773162","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=773162"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0392","reference_id":"CVE-2012-0392","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-0392"},{"reference_url":"https://github.com/advisories/GHSA-2ppp-xj34-vvf7","reference_id":"GHSA-2ppp-xj34-vvf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2ppp-xj34-vvf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20748?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.2.3.1"}],"aliases":["CVE-2012-0392","GHSA-2ppp-xj34-vvf7"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtv8-72mw-8ycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30509?format=json","vulnerability_id":"VCID-x5xf-1xja-g3h1","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"0.94431","scoring_system":"epss","scoring_elements":"0.99986","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11776"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b"},{"reference_url":"https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e"},{"reference_url":"https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72"},{"reference_url":"https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180822-0001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180822-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181018-0002","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181018-0002"},{"reference_url":"https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125"},{"reference_url":"https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888"},{"reference_url":"https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776"},{"reference_url":"https://www.exploit-db.com/exploits/45260","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45260"},{"reference_url":"https://www.exploit-db.com/exploits/45262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45262"},{"reference_url":"https://www.exploit-db.com/exploits/45367","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45367"},{"reference_url":"http://www.securitytracker.com/id/1041547","reference_id":"1041547","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securitytracker.com/id/1041547"},{"reference_url":"http://www.securitytracker.com/id/1041888","reference_id":"1041888","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securitytracker.com/id/1041888"},{"reference_url":"http://www.securityfocus.com/bid/105125","reference_id":"105125","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securityfocus.com/bid/105125"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1620019","reference_id":"1620019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1620019"},{"reference_url":"https://www.exploit-db.com/exploits/45260/","reference_id":"45260","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45260/"},{"reference_url":"https://www.exploit-db.com/exploits/45262/","reference_id":"45262","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45262/"},{"reference_url":"https://www.exploit-db.com/exploits/45367/","reference_id":"45367","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45367/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html","reference_id":"alert-cve-2018-11776-5072787.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"},{"reference_url":"https://lgtm.com/blog/apache_struts_CVE-2018-11776","reference_id":"apache_struts_CVE-2018-11776","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://lgtm.com/blog/apache_struts_CVE-2018-11776"},{"reference_url":"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html","reference_id":"Apache-Struts-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt","reference_id":"ARUBA-PSA-2018-005.txt","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"cpujan2019-5072801.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"cpujul2020.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"cpuoct2018-4428296.html","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py"},{"reference_url":"https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11776","reference_id":"CVE-2018-11776","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11776"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb"},{"reference_url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC","reference_id":"CVE-2018-11776-Python-PoC","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"},{"reference_url":"https://github.com/advisories/GHSA-cr6j-3jp9-rw65","reference_id":"GHSA-cr6j-3jp9-rw65","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr6j-3jp9-rw65"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180822-0001/","reference_id":"ntap-20180822-0001","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180822-0001/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181018-0002/","reference_id":"ntap-20181018-0002","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20181018-0002/"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-057","reference_id":"S2-057","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-057"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012","reference_id":"SNWLID-2018-0012","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14317?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35"},{"url":"http://public2.vulnerablecode.io/api/packages/14320?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17"}],"aliases":["CVE-2018-11776","GHSA-cr6j-3jp9-rw65"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x5xf-1xja-g3h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/265072?format=json","vulnerability_id":"VCID-xp19-pnns-xye5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4386","reference_id":"","reference_type":"","scores":[{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87365","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87409","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87415","published_at":"2026-06-13T12:55:00Z"},{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87412","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4386"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78182","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78182"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3858","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3858"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4386","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4386"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-010.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-010.html"},{"reference_url":"http://struts.apache.org/docs/s2-010.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-010.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/5"},{"reference_url":"https://github.com/advisories/GHSA-2rvh-q539-q33v","reference_id":"GHSA-2rvh-q539-q33v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rvh-q539-q33v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384469?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1"}],"aliases":["CVE-2012-4386","GHSA-2rvh-q539-q33v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xp19-pnns-xye5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1386?format=json","vulnerability_id":"VCID-xy1y-697m-xqed","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110"},{"reference_url":"http://jvn.jp/en/jp/JVN07710476/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN07710476/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4438","reference_id":"","reference_type":"","scores":[{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.9838","published_at":"2026-06-14T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98381","published_at":"2026-06-13T12:55:00Z"},{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.98374","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4438"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c"},{"reference_url":"https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d"},{"reference_url":"https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c"},{"reference_url":"https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4438","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4438"},{"reference_url":"https://struts.apache.org/docs/s2-037.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-037.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348238","reference_id":"1348238","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348238"},{"reference_url":"https://github.com/advisories/GHSA-4prj-vw9j-v6pr","reference_id":"GHSA-4prj-vw9j-v6pr","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4prj-vw9j-v6pr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384581?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"}],"aliases":["CVE-2016-4438","GHSA-4prj-vw9j-v6pr"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy1y-697m-xqed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30249?format=json","vulnerability_id":"VCID-y959-14dp-b7h4","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2134","reference_id":"","reference_type":"","scores":[{"value":"0.90936","scoring_system":"epss","scoring_elements":"0.99651","published_at":"2026-06-11T12:55:00Z"},{"value":"0.90936","scoring_system":"epss","scoring_elements":"0.99652","published_at":"2026-06-14T12:55:00Z"},{"value":"0.90936","scoring_system":"epss","scoring_elements":"0.99653","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2134"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-015","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-015"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201409-04.xml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201409-04.xml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0"},{"reference_url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f"},{"reference_url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3"},{"reference_url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4090","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4090"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4094","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4094"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4095","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4095"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2134","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2134"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-015.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-015.html"},{"reference_url":"http://struts.apache.org/docs/s2-015.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-015.html"},{"reference_url":"https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346"},{"reference_url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt","reference_id":"CVE-2013-2134;OSVDB-93969","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt"},{"reference_url":"https://www.securityfocus.com/bid/60345/info","reference_id":"CVE-2013-2134;OSVDB-93969","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/60345/info"},{"reference_url":"https://github.com/advisories/GHSA-gqqm-564f-vvxq","reference_id":"GHSA-gqqm-564f-vvxq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gqqm-564f-vvxq"},{"reference_url":"https://security.gentoo.org/glsa/201409-04","reference_id":"GLSA-201409-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201409-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384574?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-2134","GHSA-gqqm-564f-vvxq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y959-14dp-b7h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/30519?format=json","vulnerability_id":"VCID-yb3u-qut9-7qaf","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045"},{"reference_url":"http://jvn.jp/en/jp/JVN19294237/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19294237/index.html"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0094","reference_id":"","reference_type":"","scores":[{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99802","published_at":"2026-06-13T12:55:00Z"},{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99803","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0094"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f"},{"reference_url":"https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0094","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0094"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-020.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-020.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"http://www.konakart.com/downloads/ver-7-3-0-0-whats-new","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.konakart.com/downloads/ver-7-3-0-0-whats-new"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1073716","reference_id":"1073716","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1073716"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb","reference_id":"CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb","reference_id":"CVE-2014-0114;CVE-2014-0112;CVE-2014-0094","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb","reference_id":"CVE-2014-0114;CVE-2014-0112;CVE-2014-0094","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb"},{"reference_url":"https://github.com/advisories/GHSA-vrwc-qjmw-5rjm","reference_id":"GHSA-vrwc-qjmw-5rjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrwc-qjmw-5rjm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/386240?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"}],"aliases":["CVE-2014-0094","GHSA-vrwc-qjmw-5rjm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yb3u-qut9-7qaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1022?format=json","vulnerability_id":"VCID-ydze-7ynn-qfe2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2162","reference_id":"","reference_type":"","scores":[{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.7969","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79625","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.797","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79706","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java"},{"reference_url":"https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2162","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2162"},{"reference_url":"http://struts.apache.org/docs/s2-030.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-030.html"},{"reference_url":"https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070"},{"reference_url":"https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326724","reference_id":"1326724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326724"},{"reference_url":"https://github.com/advisories/GHSA-2j4q-9fff-236j","reference_id":"GHSA-2j4q-9fff-236j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j4q-9fff-236j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384617?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-2162","GHSA-2j4q-9fff-236j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydze-7ynn-qfe2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/284822?format=json","vulnerability_id":"VCID-yhe2-xtug-sydg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3090","reference_id":"","reference_type":"","scores":[{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84766","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84818","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84827","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84819","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3090"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3090","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3090"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0005","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0005/"},{"reference_url":"https://struts.apache.org/docs/s2-027.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-027.html"},{"reference_url":"https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131"},{"reference_url":"https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267"},{"reference_url":"https://github.com/advisories/GHSA-ggmp-fxfg-277r","reference_id":"GHSA-ggmp-fxfg-277r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ggmp-fxfg-277r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384794?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-3x73-d4p4-3yd7"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aep9-2qge-vuen"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eh3r-u5g6-6ycf"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-j3py-nr8j-zbdu"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-kzxf-ahvf-27f7"},{"vulnerability":"VCID-m5we-d3j5-wqd5"},{"vulnerability":"VCID-n3c3-sf58-eycn"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ukrd-u7gt-n7as"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y2p9-ptgf-n3gp"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2016-3090","GHSA-ggmp-fxfg-277r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhe2-xtug-sydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250682?format=json","vulnerability_id":"VCID-zbwf-seg4-ffhd","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6682","reference_id":"","reference_type":"","scores":[{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.81076","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.81136","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.81144","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0143","scoring_system":"epss","scoring_elements":"0.81135","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-6682"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/09147ffad2b3046ed21af0f524c5088e2ac551e6"},{"reference_url":"https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/bd3f2f59c9b09f70aed3ebab6bb69b464ee2d6cb"},{"reference_url":"https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/dae026a0f0511f83852053bae9d5a622e7f80486"},{"reference_url":"https://issues.apache.org/struts/browse/WW-2414","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/struts/browse/WW-2414"},{"reference_url":"https://issues.apache.org/struts/browse/WW-2427","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/struts/browse/WW-2427"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2008-6682","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-6682"},{"reference_url":"https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080610075918/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449i20.html"},{"reference_url":"https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080611112834/http://www.nabble.com/Feedback%3A-WW-2414%2C-XSS-attack-is-possible-if-using-%3Cs%3Aurl-...%3E-and-%3Cs%3Aa-...%3E-td14771449.html"},{"reference_url":"https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229155553/http://www.securityfocus.com/bid/34686"},{"reference_url":"https://github.com/advisories/GHSA-jgcr-9c2q-rvp8","reference_id":"GHSA-jgcr-9c2q-rvp8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jgcr-9c2q-rvp8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384648?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e58-4y53-muef"},{"vulnerability":"VCID-1ujm-nqz8-c3cs"},{"vulnerability":"VCID-1vm1-djr2-hqa9"},{"vulnerability":"VCID-51hz-ptkt-9kde"},{"vulnerability":"VCID-5hca-2z7m-mbb2"},{"vulnerability":"VCID-5hw1-m7yk-tbcg"},{"vulnerability":"VCID-5wx9-6ee5-xqg2"},{"vulnerability":"VCID-68qk-857f-hubx"},{"vulnerability":"VCID-69jq-8s8p-hbgj"},{"vulnerability":"VCID-6tbd-rs7c-mydf"},{"vulnerability":"VCID-7k4z-qm87-suhd"},{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-97ee-jfwc-uyh8"},{"vulnerability":"VCID-9ju6-1p9c-r7fs"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-aje2-97ey-pqba"},{"vulnerability":"VCID-ay7y-pcs2-b7dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-b469-9q7g-kkdm"},{"vulnerability":"VCID-e1us-p1ub-27gf"},{"vulnerability":"VCID-eqjg-rpr2-vqhb"},{"vulnerability":"VCID-gdqp-6qxq-fkfb"},{"vulnerability":"VCID-gp75-qf1z-dkhk"},{"vulnerability":"VCID-h325-fgpc-1yfe"},{"vulnerability":"VCID-hj23-vf24-ybbp"},{"vulnerability":"VCID-j6qg-af9t-qqf7"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-k8sn-7uy6-23a1"},{"vulnerability":"VCID-n7pm-5abc-qub9"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-q9bm-u4q3-xke1"},{"vulnerability":"VCID-qjyc-btmm-hbhd"},{"vulnerability":"VCID-r25b-7ec8-d7dt"},{"vulnerability":"VCID-ru1n-fg1x-jfa7"},{"vulnerability":"VCID-sekw-zx84-dufe"},{"vulnerability":"VCID-su1m-grr8-e7bs"},{"vulnerability":"VCID-u9gb-z5t8-ayga"},{"vulnerability":"VCID-ucby-p8k5-nkam"},{"vulnerability":"VCID-ugkf-fxza-aua3"},{"vulnerability":"VCID-v9cg-jcev-hke6"},{"vulnerability":"VCID-vk5e-n6s3-y7hr"},{"vulnerability":"VCID-vtv8-72mw-8ycu"},{"vulnerability":"VCID-x5xf-1xja-g3h1"},{"vulnerability":"VCID-xp19-pnns-xye5"},{"vulnerability":"VCID-xy1y-697m-xqed"},{"vulnerability":"VCID-y959-14dp-b7h4"},{"vulnerability":"VCID-yb3u-qut9-7qaf"},{"vulnerability":"VCID-ydze-7ynn-qfe2"},{"vulnerability":"VCID-yhe2-xtug-sydg"},{"vulnerability":"VCID-zmes-1r87-8ybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/384649?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m5we-d3j5-wqd5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.1.1"}],"aliases":["CVE-2008-6682","GHSA-jgcr-9c2q-rvp8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbwf-seg4-ffhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208791?format=json","vulnerability_id":"VCID-zmes-1r87-8ybu","summary":"Expression Language Injection in Apache Struts","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31805","reference_id":"","reference_type":"","scores":[{"value":"0.93788","scoring_system":"epss","scoring_elements":"0.99866","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31805"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-062","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220420-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220420-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220420-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220420-0001/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074788","reference_id":"2074788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074788"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31805","reference_id":"CVE-2021-31805","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31805"},{"reference_url":"https://github.com/advisories/GHSA-v8j6-6c2r-r27c","reference_id":"GHSA-v8j6-6c2r-r27c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8j6-6c2r-r27c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20121?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-87pg-kwux-b3fd"},{"vulnerability":"VCID-9jvr-uexp-53dg"},{"vulnerability":"VCID-b1er-88f7-zkan"},{"vulnerability":"VCID-jhu6-h2af-jkdh"},{"vulnerability":"VCID-p8eh-fdqf-jqf6"},{"vulnerability":"VCID-qjyc-btmm-hbhd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30"}],"aliases":["CVE-2021-31805","GHSA-v8j6-6c2r-r27c"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmes-1r87-8ybu"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.0.5"}