{"url":"http://public2.vulnerablecode.io/api/packages/50192?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.4.1","type":"maven","namespace":"org.apache.struts","name":"struts2-core","version":"2.3.4.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.8.0","latest_non_vulnerable_version":"7.1.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/270595?format=json","vulnerability_id":"VCID-1tfj-xmkp-bbfr","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"0.93188","scoring_system":"epss","scoring_elements":"0.99807","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53677"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-067","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-067"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854"},{"reference_url":"https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78"},{"reference_url":"https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.
1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53677"},{"reference_url":"https://security.netapp.com/advisory/ntap-20250103-0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20250103-0005"},{"reference_url":"https://struts.apache.org/core-developers/file-upload","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/core-developers/file-upload"},{"reference_url":"https://www.dynatrace.com/news/blog/the-an
atomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331686","reference_id":"2331686","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2331686"},{"reference_url":"https://github.com/advisories/GHSA-43mq-6xmg-29vm","reference_id":"GHSA-43mq-6xmg-29vm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-43mq-6xmg-29vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/187437?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nfn8-r3bb-kka7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0"}],"aliases":["CVE-2024-53677","GHSA-43mq-6xmg-29vm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tfj-xmkp-bbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9993?format=json","vulnerability_id":"VCID-1xhe-mz8d-eyem","summary":"","references":[{"reference_url":"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elem
ents":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11776.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"0.94431","scoring_system":"epss","scoring_elements":"0.99986","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11776"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-057","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-057"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50
dcc1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/4a3917176de2df7f33a85511d067f31e50dcc1b"},{"reference_url":"https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6e87474f9ad0549f07dd2c37d50a9ccd0977c6e"},{"reference_url":"https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6efaf900d4ffb7be8a74065af5553bad2389f72"},{"reference_url":"https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/b3bad5ea44f3fd9edb2cb491192c5900f46d45d"},{"reference_url":"https://lgtm.com/blog/apache_struts_CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://lgtm.com/blog/apache_struts_CVE-2018-11776"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","s
coring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0012"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180822-0001","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180822-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181018-0002","reference_id":"","reference_t
ype":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181018-0002"},{"reference_url":"https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20180822160726/http://www.securityfocus.com/bid/105125"},{"reference_url":"https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200807025819/http://www.securitytracker.com/id/1041888"},{"reference_url":"https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201208145803/https://securitytracker.com/id/1041547"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-11776","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-1177
6"},{"reference_url":"https://www.exploit-db.com/exploits/45260","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45260"},{"reference_url":"https://www.exploit-db.com/exploits/45262","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45262"},{"reference_url":"https://www.exploit-db.com/exploits/45367","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/45367"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI
:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-005.txt"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-11776-5072787.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system"
:"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/105125","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securityfocus.com/bid/105125"},{"reference_url":"http://www.securitytracker.com/id/1041547","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securitytracker.com/id/1041547"},{"reference_url":"http://www.securitytracker.com/id/1041888","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"http://www.securitytracker.com/id/1041888"},{"reference_url
":"https://bugzilla.redhat.com/show_bug.cgi?id=1620019","reference_id":"1620019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1620019"},{"reference_url":"https://www.exploit-db.com/exploits/45260/","reference_id":"45260","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45260/"},{"reference_url":"https://www.exploit-db.com/exploits/45262/","reference_id":"45262","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45262/"},{"reference_url":"https://www.exploit-db.com/exploits/45367/","reference_id":"45367","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://www.exploit-db.com/exploits/45367/"},{"reference_url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC/blob/343bf070cc8649803ea865bd64543234fec1a4f6/exploitS2-057-cmd.py"},{"reference_url":"https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a8f695b6d5eab8b6143794d/struts-pwn.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://github.com/mazen160/struts-pwn_CVE-2018-11776/blob/ffaefa75242315913a
8f695b6d5eab8b6143794d/struts-pwn.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/45260.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45262.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/45367.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11776","reference_id":"CVE-2018-11776","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-11776"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb","reference_id":"CVE-2018-11776","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/718aaca0f4a25827695d643568beaa784ff21518/modules/exploits/multi/http/struts2_namespace_ognl.rb"},{"reference_url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC","reference_id":"CVE-2018-11776-PYTHON-POC","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV
:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"},{"reference_url":"https://github.com/advisories/GHSA-cr6j-3jp9-rw65","reference_id":"GHSA-cr6j-3jp9-rw65","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cr6j-3jp9-rw65"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180822-0001/","reference_id":"ntap-20180822-0001","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:01:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20180822-0001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55779?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.35"},{"url":"http://public2.vulnerablecode.io/api/packages/55780?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-
1tfj-xmkp-bbfr"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.17"}],"aliases":["CVE-2018-11776","GHSA-cr6j-3jp9-rw65"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xhe-mz8d-eyem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9882?format=json","vulnerability_id":"VCID-1xze-jfs9-yyba","summary":"","references":[{"reference_url":"http://archiva.apache.org/security.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://archiva.apache.org/security.html"},{"reference_url":"http://cxsecurity.com/issue/WLB-2014010087","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http:/
/cxsecurity.com/issue/WLB-2014010087"},{"reference_url":"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://packetstormsecurity.com/files/159629/Apache-Struts-2-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2251","reference_id":"","reference_type":"","scores":[{"value":"0.94325","scoring_system":"epss","scoring_elements":"0.99954","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2251"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Oct/96","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://seclists.org/fulldisclosure/2013/Oct/96"},{"reference_url":"http://seclists.org/oss-sec/2014/q1/89","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":"
"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://seclists.org/oss-sec/2014/q1/89"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/90392"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6"},{"reference_url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e"},{"reference_url":"ht
tps://issues.apache.org/jira/browse/WW-4140","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4140"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-016.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-016.html"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2251"},{"reference_url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://tools.cisco.co
m/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2"},{"reference_url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"htt
p://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.securitytracker.com/id/1029184","reference_id":"1029184","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securitytracker.com/id/1029184"},{"reference_url":"http://www.securitytracker.com/id/1032916","reference_id":"1032916","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securitytracker.com/id/1032916"},{"reference_url":"http://www.securityfocus.com/bid/61189","reference_id":"61189","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://www.securityfocus.com/bid/61189"},{"reference_url":"http://osvdb.org/98445","reference_id":"98445","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:24:31Z/"}],"url":"http://osvdb.org/98445"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt","reference_id":"CVE-2013-2251","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/44583.txt"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2251","reference_id":"CVE-2013-2251","referen
ce_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2251"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb","reference_id":"CVE-2013-2251;OSVDB-95405","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27135.rb"},{"reference_url":"https://github.com/advisories/GHSA-47qp-8v9g-39hp","reference_id":"GHSA-47qp-8v9g-39hp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-47qp-8v9g-39hp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50419?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"
vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1"}],"aliases":["CVE-2013-2251","GHSA-47qp-8v9g-39hp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xze-jfs9-yyba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11543?format=json","vulnerability_id":"VCID-2p29-qaqw-9fa9","summary":"Manipulation of Struts internals\nThis package allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top 
object.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5209","reference_id":"","reference_type":"","scores":[{"value":"0.01362","scoring_system":"epss","scoring_elements":"0.80482","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5209"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5209","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5209"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0002","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0002"},{"reference_url":"https://struts.apache.org/docs/s2-026.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-026.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51573?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vul
nerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.1"}],"aliases":["CVE-2015-5209","GHSA-4qgj-9mvg-3929"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p29-qaqw-9fa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9908?format=json","vulnerability_id":"VCID-2qup-v76d-8bge","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4436.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4436","reference_id":"","reference_type":"","scores":[{"value":"0.05743","scoring_system":"epss","scoring_elements":"0.90587","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4436"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_u
rl":"https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/237432512df0e27013f7c7b9ab59fdce44ca34a5"},{"reference_url":"https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/27ca165ddbf81c84bafbd083b99a18d89cc49ca7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4436","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4436"},{"reference_url":"https://struts.apache.org/docs/s2-035.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-035.html"},{"reference_url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280"},{"reference_url":"ht
tps://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20161015140316/http://www.securityfocus.com/bid/91280/"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009282"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348233","reference_id":"1348233","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348233"},{"reference_url":"https://github.com/advisories/GHSA-xm92-v2mq-842q","reference_id":"GHSA-xm92-v2mq-842q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xm92-v2mq-842q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51748?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulner
ability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"},{"url":"http://public2.vulnerablecode.io/api/packages/51749?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2rqk-2gkx-dkds"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-tmm5-hrp4-r7hy"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1"}],"aliases":["CVE-2016-4436","GHSA-xm92-v2mq-842q"],"risk_score":null,"exploitability":null
,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2qup-v76d-8bge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9817?format=json","vulnerability_id":"VCID-3q92-5sz9-2kd3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1327.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1327","reference_id":"","reference_type":"","scores":[{"value":"0.0622","scoring_system":"epss","scoring_elements":"0.9102","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1327"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-056","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-056"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/4260bee634cb606be6071bce2383fddb510608aa"
},{"reference_url":"https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/67ecf3a21608e20449bcb7895b22204b400fecd4"},{"reference_url":"https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/9260720568cee9e868d2899228eceed0c3359323"},{"reference_url":"https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r02c2d634fa74209d941c90f9a4cd36a6f12366ca65f9b90446ff2de3@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf482c101a88445d73cc2e89dbf7f16ae00a4aa79a544a1e72b2326db@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180330-0001","reference_id":"","reference_type":"","scores":[{"v
alue":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180330-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180330-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180330-0001/"},{"reference_url":"https://struts.apache.org/docs/s2-056.html","reference_id":"","reference_type":"","scores":[],"url":"https://struts.apache.org/docs/s2-056.html"},{"reference_url":"https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227124859/http://www.securityfocus.com/bid/103516"},{"reference_url":"https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200923124543/http://www.securitytracker.com/id/1040575"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.securityfocus.com/bid/103516","reference_id":"","reference_type":"","scores":[],"url":"http://www
.securityfocus.com/bid/103516"},{"reference_url":"http://www.securitytracker.com/id/1040575","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561007","reference_id":"1561007","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561007"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2018-1327","reference_id":"CVE-2018-1327","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2018-1327"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1327","reference_id":"CVE-2018-1327","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1327"},{"reference_url":"https://github.com/advisories/GHSA-38cr-2ph5-frr9","reference_id":"GHSA-38cr-2ph5-frr9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38cr-2ph5-frr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54226?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.1
6"}],"aliases":["CVE-2018-1327","GHSA-38cr-2ph5-frr9"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q92-5sz9-2kd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9792?format=json","vulnerability_id":"VCID-6b94-6fkt-afdu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1966","reference_id":"","reference_type":"","scores":[{"value":"0.91096","scoring_system":"epss","scoring_elements":"0.9966","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1966"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-013","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-013"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-013.html","referenc
e_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-013.html"},{"reference_url":"http://struts.apache.org/docs/s2-013.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-013.html"},{"reference_url":"http://struts.apache.org/docs/s2-014.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-014.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1966","reference_id":"CVE-2013-1966","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1966"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb","reference_id":"CVE-2013-2115;OSVDB-93645;CVE-2013-1966","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/25980.rb"},{"reference_url":"https://github.com/advisories/GHSA-737w-mh58-cxjp","reference_id":"GHSA-737w-mh58-cxjp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-737w-mh58-cxjp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50405?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-1xze-jfs9-yyba"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnera
bility":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-gbqn-ywy3-d7cu"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mw23-ujhz-a7cs"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-pmr8-6zz1-ryf2"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-sgb7-h4sp-dbgf"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2"}],"aliases":["CVE-2013-1966","GHSA-737w-mh58-cxjp"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6b94-6fkt-afdu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9788?format=json","vulnerability_id":"VCID-86yh-tym8-f3hh","summary":"","references":[{"reference_url":"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U
/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5638.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5638","reference_id":"","reference_type":"","scores":[{"value":"0.94267","scoring_system":"epss","scoring_elements":"0.99938","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5638"},{"reference_url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-045","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://cwiki.apache.org/confluence/disp
lay/WW/S2-045"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-046","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-046"},{"reference_url":"https://exploit-db.com/exploits/41570","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://exploit-db.com/exploits/41570"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=352306493971e7d5a756d61780d57a76eb1f519a"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%
3Bh=6b8272ce47160036ed120a48345d9aa884477228","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git%3Ba=commit%3Bh=6b8272ce47160036ed120a48345d9aa884477228"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=352306493971e7d5a756d61780d57a76eb1f519a"},{"reference_url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git1-us-west.apache.org/repos/asf?p=struts.git;a=commit;h=6b8272ce47160036ed120a48345d9aa884477228"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/35
2306493971e7d5a756d61780d57a76eb1f519a","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/352306493971e7d5a756d61780d57a76eb1f519a"},{"reference_url":"https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6b8272ce47160036ed120a48345d9aa884477228"},{"reference_url":"https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/b06dd50af2a3319dd896bf5c2f4972d2b772cf2b"},{"reference_url":"https://github.com/mazen160/struts-pwn","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://github.com/mazen160/struts-pwn"},{"reference_url":"https://github.com/rapid7/metasploit-framework/issues/8064","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_
system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://github.com/rapid7/metasploit-framework/issues/8064"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03733en_us"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03749en_us"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N
/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03723en_us"},{"reference_url":"https://isc.sans.edu/diary/22169","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://isc.sans.edu/diary/22169"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21
:06:33Z/"}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a
0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E"},{"reference_url":"https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://nmap.org/nsedoc/scripts/http-vuln-cve2017-5638.html"},{"reference_url":"https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt"},{"reference_url":"https://security.netapp.com/advisory/ntap-20170310-0001","reference_id":"","reference_
type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20170310-0001"},{"reference_url":"https://struts.apache.org/docs/s2-045.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://struts.apache.org/docs/s2-045.html"},{"reference_url":"https://struts.apache.org/docs/s2-046.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://struts.apache.org/docs/s2-046.html"},{"reference_url":"https://support.lenovo.com/us/en/product_security/len-14200","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url"
:"https://support.lenovo.com/us/en/product_security/len-14200"},{"reference_url":"https://twitter.com/theog150/status/841146956135124993","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://twitter.com/theog150/status/841146956135124993"},{"reference_url":"https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170311203630/http://www.securityfocus.com/bid/96729"},{"reference_url":"https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170921030226/http://www.securitytracker.com/id/1037973"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-5638"},{"reference_ur
l":"https://www.exploit-db.com/exploits/41614","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/41614"},{"reference_url":"https://www.kb.cert.org/vuls/id/834067","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.kb.cert.org/vuls/id/834067"},{"reference_url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA145","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.symantec.com/security-center/network-protection-security-advisories/SA145"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","s
coring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-002.txt"},{"reference_url":"http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.eweek.com/security/apache-struts-vulnerability-under-attack.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.securityfocus.com/bid/96729","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T
/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.securityfocus.com/bid/96729"},{"reference_url":"http://www.securitytracker.com/id/1037973","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://www.securitytracker.com/id/1037973"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1430326","reference_id":"1430326","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1430326"},{"reference_url":"https://www.exploit-db.com/exploits/41614/","reference_id":"41614","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.exploit-db.com/exploits/41614/"},{"reference_url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/","reference_id":"critical-vulnerability-under-massive-attack-imperils-high-impact-sites","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/"},{"reference_url":"https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638","reference_id":"CVE-2017-5638","
reference_type":"exploit","scores":[],"url":"https://github.com/nixawk/labs/tree/17cf725d64f33ef51b820dea4fc1e6133f579d64/CVE-2017-5638"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb","reference_id":"CVE-2017-5638","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/173633263853c7717caa658a9b98350b985cda02/modules/exploits/multi/http/struts2_content_type_ognl.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py","reference_id":"CVE-2017-5638","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/41570.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb","reference_id":"CVE-2017-5638","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41614.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5638","reference_id":"CVE-2017-5638","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5638"},{"reference_url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/","reference_id":"cve-2017-5638-apache-struts-vulnerability-remote-code-execution","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"http://blog.trendmicro.com/trendlabs-
security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/"},{"reference_url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution","reference_id":"CVE-2017-5638-APACHE-STRUTS-VULNERABILITY-REMOTE-CODE-EXECUTION","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution"},{"reference_url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/","reference_id":"cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2/"},{"reference_url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2","reference_id":"CVE-2017-5638-NEW-REMOTE-CODE-EXECUTION-RCE-VULNERABILITY-IN-APACHE-STRUTS-2","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.imperva.com/blog/2017/03/cve-2017-5638-new-remote-code-execution-rce-vulnerability-in-apache-struts-2"},{"reference_url":"https://github.com/advisories/GHSA-j77q-2qqg-6989","reference_id":"GHSA-j77q-2qqg-6989","reference_type":"","scores":[{"value":"1
0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j77q-2qqg-6989"},{"reference_url":"https://security.netapp.com/advisory/ntap-20170310-0001/","reference_id":"ntap-20170310-0001","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:06:33Z/"}],"url":"https://security.netapp.com/advisory/ntap-20170310-0001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52698?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.32"},{"url":"http://public2.vulnerablecode.io/api/packages/52699?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-
2kd3"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-tmm5-hrp4-r7hy"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1"}],"aliases":["CVE-2017-5638","GHSA-j77q-2qqg-6989"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86yh-tym8-f3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10076?format=json","vulnerability_id":"VCID-8huk-86a6-27cw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3093.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3093","reference_id":"","reference_type":"","scores":[{"value":"0.05068","scoring_system":"epss","scoring_elements":"0.89938","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3093"},{"reference_url":"https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/jkuhnert/ognl/commit/ae43073fbf38db8371ff4f8bf2a966ee3b5f7e92"},{"reference_url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scorin
g_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"},{"reference_url":"https://struts.apache.org/docs/s2-034.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-034.html"},{"reference_url":"http://struts.apache.org/docs/s2-034.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-034.html"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21987854"},{"reference_url":"http://www.securityfocus.com/bid/90961","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/90961"},{"reference_url":"http://www.securitytracker.com/id/1036018","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036018"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341677","reference_id":"1341677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/s
how_bug.cgi?id=1341677"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3093","reference_id":"CVE-2016-3093","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3093"},{"reference_url":"https://github.com/advisories/GHSA-383p-xqxx-rrmp","reference_id":"GHSA-383p-xqxx-rrmp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-383p-xqxx-rrmp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51574?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"}],"aliases":["CVE-2016-3093","GHSA-383p-xqxx-rrmp"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url"
:"http://public2.vulnerablecode.io/vulnerabilities/VCID-8huk-86a6-27cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10093?format=json","vulnerability_id":"VCID-8zze-44sk-audx","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3082","reference_id":"","reference_type":"","scores":[{"value":"0.24626","scoring_system":"epss","scoring_elements":"0.96227","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3082"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/6bd694b7980494c12d49ca1bf39f12aec3e03e2f"},{"reference_url":"http://struts.apache.org/docs/s2-031.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-031.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3082","reference_id":"CVE-2016-3082","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3082"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51621?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerab
ilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51574?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability
":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51622?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28.1"}],"aliases":["CVE-2016-3082","GHSA-pvm9-288c-v5wq"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zze-44sk-audx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10206?format=json","vulnerability_id":"VCID-aaet-jdfc-mbek","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6795","reference_id":"","refere
nce_type":"","scores":[{"value":"0.04732","scoring_system":"epss","scoring_elements":"0.89574","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6795"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/030ffa33543f8953306ed0c0dc815c7fb74d7129"},{"reference_url":"https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8e67b9144aa643769b261e2492cb561e04d016ab"},{"reference_url":"https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c1869f4989942dd33fa4e189e0ac1f766fb5ac14"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0003"},{
"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0003/"},{"reference_url":"https://struts.apache.org/docs/s2-042.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-042.html"},{"reference_url":"https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227214705/http://www.securityfocus.com/bid/93773"},{"reference_url":"http://www.securityfocus.com/bid/93773","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93773"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6795","reference_id":"CVE-2016-6795","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-6795"},{"reference_url":"https://github.com/advisories/GHSA-44hv-jjx7-qfjg","reference_id":"GHSA-44hv-jjx7-qfjg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-44hv-jjx7-qfjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61878?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-
3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.31"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2rqk-2gkx-dkds"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-tmm5-hrp4-r7hy"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.5"}],"aliases":["CVE-2016-6795","GHSA-44hv-jjx7-qfjg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aaet-jdfc-mbek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities
/17814?format=json","vulnerability_id":"VCID-b4nv-2pd9-pqdw","summary":"Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to no sanity limit on normal form fields in multipart forms. When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if developer has set struts.multipart.maxSize to a value equal or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34396","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.31042","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34396"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-064","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-064"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/A
V:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/06/14/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/06/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-202
3-34396","reference_id":"CVE-2023-34396","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34396"},{"reference_url":"https://github.com/advisories/GHSA-4g42-gqrg-4633","reference_id":"GHSA-4g42-gqrg-4633","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g42-gqrg-4633"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005/","reference_id":"ntap-20230706-0005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:04:35Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64296?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31"},{"url":"http://public2.vulnerablecode.io/api/packages/64297?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1"}],"aliases":["CVE-2023-34396","GHSA-4g42-gqrg-4633"],"risk_score":null,"exploitability":"0.5","weigh
ted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b4nv-2pd9-pqdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11619?format=json","vulnerability_id":"VCID-c5xy-yhrn-fqf2","summary":"Cross-Site Scripting vulnerability on \"Problem Report\" screen\nWhen Debug mode is turned on, under certain conditions an arbitrary script may be executed in the `Problem Report` screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script.","references":[{"reference_url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000125.html"},{"reference_url":"http://jvn.jp/en/jp/JVN95989300/index.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN95989300/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5169","reference_id":"","reference_type":"","scores":[{"value":"0.01198","scoring_system":"epss","scoring_elements":"0.79199","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5169"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260087","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:
N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260087"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5169","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5169"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0003"},{"reference_url":"https://struts.apache.org/docs/s2-025.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-025.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51012?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability"
:"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-h3mw-239q-cbgn"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2015-5169","GHSA-vwhv-j36g-5rm8"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c5xy-yhrn-fqf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14889?format=json","vulnerability_id":"VCID-ce3p-yaze-v7fy","summary":"Remote code execution in Apache Struts\nForced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code 
execution.","references":[{"reference_url":"http://jvn.jp/en/jp/JVN43969166/index.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://jvn.jp/en/jp/JVN43969166/index.html"},{"reference_url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17530","reference_id":"","reference_type":"","scores":[{"value":"0.94373","scoring_system":"epss","scoring_elements":"0.99967","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17530"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-061","ref
erence_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-061"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0005","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210115-0005"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-17530","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2
020-17530"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/12/6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/04/12/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905645","reference_id":"1905645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1905645"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17530","reference_id":"CVE-2020-17530","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17530"},{"reference_url":"https://github.com/advisories/GHSA-jc35-q369-45pv","reference_id":"GHSA-jc35-q369-45pv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jc35-q369-45pv"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210115-0005/","reference_id":"ntap-20210115-0005","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T20:53:17Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210115-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59402?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.26","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"V
CID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.26"}],"aliases":["CVE-2020-17530","GHSA-jc35-q369-45pv"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ce3p-yaze-v7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95169?format=json","vulnerability_id":"VCID-dzkb-wjvw-qufb","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000124.html"},{"reference_url":"http://jvn.jp/en/jp/JVN88408929/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN88408929/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2992.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2992","reference_id":"","reference_type":"","scores":[{"value":"0.00992","scoring_system":"epss","scoring_elements":"0.77207","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2992"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-025","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-025"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/Security","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cw
iki.apache.org/confluence/display/WW/Security"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200330-0001","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200330-0001"},{"reference_url":"http://www.securityfocus.com/bid/76624","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/76624"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260101","reference_id":"1260101","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1260101"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2992","reference_id":"CVE-2015-2992","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2992"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51012?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"V
CID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-h3mw-239q-cbgn"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2015-2992","GHSA-265r-pp83-gww7"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzkb-wjvw-qufb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9758?format=json","vulnerability_id":"VCID-ee2d-r8vy-skhq","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2162","reference_id":"","reference_type":"","scores":[{"value":"0.01235","scoring_system":"epss","scoring_elements":"0.79528","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","
reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/blob/f511034acd7b97e07d281169b38e2af40c94903d/core/src/main/java/org/apache/struts2/interceptor/I18nInterceptor.java"},{"reference_url":"https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/fc2179cf1ac9fbfb61e3430fa88b641d87253327"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2162","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2162"},{"reference_url":"http://struts.apache.org/docs/s2-030.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-030.html"},{"reference_url":"http
s://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095722/http://www.securityfocus.com/bid/85070"},{"reference_url":"https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210801130539/http://www.securitytracker.com/id/1035272"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326724","reference_id":"1326724","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326724"},{"reference_url":"https://github.com/advisories/GHSA-2j4q-9fff-236j","reference_id":"GHSA-2j4q-9fff-236j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2j4q-9fff-236j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51620?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerabi
lity":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-2162","GHSA-2j4q-9fff-236j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee2d-r8vy-skhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9850?format=json","vulnerability_id":"VCID-es18-pf68-h3de","summary":"","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-09/0107.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4316.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4316","reference_id":"","reference_type":"","scores":[{"value":"0.06168","scoring_system":"epss","scoring_elements":"0.90973","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4316"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948
d1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1"},{"reference_url":"https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4316","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4316"},{"reference_url":"http://struts.apache.org/docs/s2-019.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-019.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-019.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-019.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4316"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013036","reference_id":"1013036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013036"},{"reference_url":"https://github.com/advisories/GHSA-j7h6-xr7g-m2c5","reference_id":"GHSA-j7h6-xr7g-m2c5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j7h6-xr7g-m2c5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50522?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulne
rability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.2"}],"aliases":["CVE-2013-4316","GHSA-j7h6-xr7g-m2c5"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-es18-pf68-h3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9966?format=json","vulnerability_id":"VCID-ev69-3d1j-nuac","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securityda
ta/cve/CVE-2016-4003.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4003.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4003","reference_id":"","reference_type":"","scores":[{"value":"0.02629","scoring_system":"epss","scoring_elements":"0.85946","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4003"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/4720f46a63caaf9db97ba27dc51ac5ad21e66bdc"},{"reference_url":"https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/5421930b49822606792f36653b17d3d95ef106f9"},{"reference_url":"https://github.com/apache/struts/comm
it/72471d7075681bea52046645ad7aa34e9c53751e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/72471d7075681bea52046645ad7aa34e9c53751e"},{"reference_url":"https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/76f188406eb9f17a06afcb5f49f0c44d749da0d2"},{"reference_url":"https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/a89bbe22cd2461748d595a89a254de888a415e6c"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4507","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4507"},{"reference_url":"http://struts.apache.org/docs/s2-028.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-028.html"},{"reference_url":"https://web.archive.org/web/20161119142317/http://
www.securityfocus.com/bid/86311","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161119142317/http://www.securityfocus.com/bid/86311"},{"reference_url":"https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20161221184936/http://www.securitytracker.com/id/1035268"},{"reference_url":"http://www.securityfocus.com/bid/86311","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/86311"},{"reference_url":"http://www.securitytracker.com/id/1035268","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035268"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326725","reference_id":"1326725","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326725"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4003","reference_id":"CVE-2016-4003","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51574?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"
vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51620?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6
y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-4003","GHSA-m3x6-9v6h-4g28"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev69-3d1j-nuac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9804?format=json","vulnerability_id":"VCID-f4kx-q41m-5qer","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12611.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611","reference_id":"","reference_type":"","scores":[{"value":"0.94228","scoring_system":"epss","scoring_elements":"0.99929","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-12611"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2306f5f7fad7f0157f216f34331238feb0539fa"},{"reference_url":"https
://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/637ad1c3707266c33daabb18d7754e795e6681f"},{"reference_url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001"},{"reference_url":"https://struts.apache.org/docs/s2-053.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-053.html"},{"reference_url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170923161654/http://www.securityfocus.com/bid/100829"},{"reference_url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt"},
{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"reference_url":"http://www.securityfocus.com/bid/100829","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478","reference_id":"1489478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489478"},{"reference_url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://github.com/brianwrf/S2-053-CVE-2017-12611/blob/a587bbdc79843fe44ad3fe0439d7add3f887bc31/exploit.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py","reference_id":"CVE-2017-12611","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44556.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611","reference_id":"CVE-2017-12611","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12611"},{"reference_url":"https://github.com/advisories/GHSA-8fx9-5hx8-crhm","reference_id":"GHSA-8fx9-5hx8-crhm","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories
/GHSA-8fx9-5hx8-crhm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51621?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/53059?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{
"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.34"},{"url":"http://public2.vulnerablecode.io/api/packages/52699?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-tmm5-hrp4-r7hy"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.10.1"},{"url":"http://public2.vulnerablecode.io/api/packages/73935?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52701?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"
vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.12"}],"aliases":["CVE-2017-12611","GHSA-8fx9-5hx8-crhm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4kx-q41m-5qer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15596?format=json","vulnerability_id":"VCID-fmf4-k1py-g7fh","summary":"Unrestricted Upload of File with Dangerous Type\nA local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1592","reference_id":"","reference_type":"","scores":[{"value":"0.00588","scoring_system":"epss","scoring_elements":"0.69462","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76","reference_id":"","reference_type":"","scores":[{"value":
"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76"},{"reference_url":"https://issues.apache.org/jira/browse/WW-5055","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-5055"},{"reference_url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":
"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b%40%3Cissues.struts.apache.org%3E"},{"reference_url":"https://seclists.org/bugtraq/2012/Mar/110","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scori
ng_elements":""}],"url":"https://seclists.org/bugtraq/2012/Mar/110"},{"reference_url":"https://struts.apache.org/security/#internal-security-mechanism","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/security/#internal-security-mechanism"},{"reference_url":"https://www.openwall.com/lists/oss-security/2012/03/28/12","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2012/03/28/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/28/12","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/03/28/12"},{"reference_url":"https://access.redhat.com/security/cve/cve-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2012-1592"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2012-1592"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml","reference_id":"CVE-2012-1592;OSVDB-80547","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/java/webapps/37009.xml"},{"reference_url":"https://www.securityfocus.com/bid/52702/info","reference_id":"CVE-2012-1592;OSVDB-80547","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/52702/info"},{"reference_url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf","reference_id":"GHSA-8m5q-crqq-6pmf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58678?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2012-1592","GHSA-8m5q-crqq-6pmf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmf4-k1py-g7fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9739?format=json","vulnerability_id":"VCID-gbqn-ywy3-d7cu","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2134","reference_id":"","referen
ce_type":"","scores":[{"value":"0.90936","scoring_system":"epss","scoring_elements":"0.99648","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2134"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-015","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-015"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201409-04.xml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201409-04.xml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0"},{"reference_url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f"},{"reference_url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_ele
ments":""}],"url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3"},{"reference_url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.
com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4090","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4090"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4094","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4094"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4095","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4095"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-015.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-015.html"},{"reference_url":"http://struts.apache.org/docs/s2-015.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-015.html"},{"reference_url":"https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140226173351/http://www.securityfocus.com/bid/60346"},{"reference_url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[{"v
alue":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2134","reference_id":"CVE-2013-2134","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2134"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt","reference_id":"CVE-2013-2134;OSVDB-93969","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38549.txt"},{"reference_url":"https://www.securityfocus.com/bid/60345/info","reference_id":"CVE-2013-2134;OSVDB-93969","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/60345/info"},{"reference_url":"https://github.com/advisories/GHSA-gqqm-564f-vvxq","reference_id":"GHSA-gqqm-564f-vvxq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gqqm-564f-vvxq"},{"reference_url":"https://security.gentoo.org/glsa/201409-04","reference_id":"GLSA-201409-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201409-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50415?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-1xze-jfs9-yyba"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerabilit
y":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-sgb7-h4sp-dbgf"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-2134","GHSA-gqqm-564f-vvxq"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbqn-ywy3-d7cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9879?format=json","vulnerability_id":"VCID-hkhz-8ee5-57fm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json","reference_id":"","reference_type":"","scores":[],"url":"htt
ps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2115","reference_id":"","reference_type":"","scores":[{"value":"0.8761","scoring_system":"epss","scoring_elements":"0.9948","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967656"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-013"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-014","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-014"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements"
:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d7804297e319c7a12245e1b536e565fcea6d650"},{"reference_url":"https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d934c6e7430b7b98e43a0a085a2304bd31a75c3d"},{"reference_url":"https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/ea96d18d0f75c390d2595648efa3563785c272c6"},{"reference_url":"https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/fed4f8e8a4ec69b5e7612b92d8ce3e476680474"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4063","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4063"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-014.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-014.html"},{"reference_url":"http://struts.apache.org/docs/s2-014.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-014.html"},{"reference_url":"https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140212000331/http://www.securityfocus.com/bid/60167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2115","reference_id":"CVE-2013-2115","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2115"},{"reference_url":"https://github.com/advisories/GHSA-7ghm-rpc7-p7g5","reference_id":"GHSA-7ghm-rpc7-p7g5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ghm-rpc7-p7g5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50405?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-1xze-jfs9-yyba"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vuln
erability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-gbqn-ywy3-d7cu"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mw23-ujhz-a7cs"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-pmr8-6zz1-ryf2"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-sgb7-h4sp-dbgf"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.2"}],"aliases":["CVE-2013-2115","GHSA-7ghm-rpc7-p7g5"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkhz-8ee5-57fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16317?format=json","vulnerability_id":"VCID-hszd-513t-xucj","summary":"Apache Struts forced double OGNL evaluation\nApache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a \"%{}\" sequence in a tag attribute, aka forced double OGNL 
evaluation.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4461","reference_id":"","reference_type":"","scores":[{"value":"0.01704","scoring_system":"epss","scoring_elements":"0.82619","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4461"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0004","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0004"},{"reference_url":"https://struts.apache.org/docs/s2-036.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-036.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4461","reference_id":"CVE-2016-4461","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4461"},{"reference_url":"https://github.com/advisories/GHSA-864w-r5qj-h6fj","reference_id":"GHSA-864w-r5qj-h6fj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-864
w-r5qj-h6fj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51748?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"}],"aliases":["CVE-2016-4461","GHSA-864w-r5qj-h6fj"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hszd-513t-xucj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10003?format=json","vulnerability_id":"VCID-huug-6mey-9fgz","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0116.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0116","reference_id":"","reference_type":"","scores":[{"value":"0.02831","scoring_system":"epss","scoring_elements":"0.86434","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0116"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type
":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1a668af7f1ffccea4a3b46d8d8c1fe1c7331ff02"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0116","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0116"},{"reference_url":"http://struts.apache.org/docs/s2-022.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-022.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-022.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-022.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0116"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1094558","reference_id":"1094558","referen
ce_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1094558"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50756?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51012?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"V
CID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-h3mw-239q-cbgn"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0116","GHSA-hmhq-382q-mp56"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-huug-6mey-9fgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15495?format=json","vulnerability_id":"VCID-jyrs-6kjh-3qfa","summary":"Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')\nThe fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. 
Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31805","reference_id":"","reference_type":"","scores":[{"value":"0.93788","scoring_system":"epss","scoring_elements":"0.99865","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31805"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-062","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-062"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220420-0001","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220420-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220420-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20220420-0001/"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_ele
ments":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/12/6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/04/12/6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074788","reference_id":"2074788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074788"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31805","reference_id":"CVE-2021-31805","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31805"},{"reference_url":"https://github.com/advisories/GHSA-v8j6-6c2r-r27c","reference_id":"GHSA-v8j6-6c2r-r27c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8j6-6c2r-r27c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60334?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.30"}],"aliases":["CVE-2021-31805","GHSA-v8j6-6c2r-r27c"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecod
e.io/vulnerabilities/VCID-jyrs-6kjh-3qfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10147?format=json","vulnerability_id":"VCID-k6eu-y8xc-5kbj","summary":"","references":[{"reference_url":"http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html","reference_id":"","reference_type":"","scores":[],"url":"http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html"},{"reference_url":"http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/129421/Apache-Struts-2.3.20-Security-Fixes.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7809.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7809","reference_id":"","reference_type":"","scores":[{"value":"0.07545","scoring_system":"epss","scoring_elements":"0.91947","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7809"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/1f301038a751bf16e525607c3db513db835b2999"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7809","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"ur
l":"https://nvd.nist.gov/vuln/detail/CVE-2014-7809"},{"reference_url":"http://struts.apache.org/docs/s2-023.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-023.html"},{"reference_url":"https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150201180327/http://www.securitytracker.com/id/1031309"},{"reference_url":"https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150820131625/http://www.securityfocus.com/bid/71548"},{"reference_url":"https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20201023114849/http://www.securityfocus.com/archive/1/534175/100/0/threaded"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172133","reference_id":"1172133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1172133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51012?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29
-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-h3mw-239q-cbgn"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-7809","GHSA-h4v9-jf2r-9h6m"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6eu-y8xc-5kbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10002?format=json","vulnerability_id":"VCID-knq3-w2wm-4uae","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045"},{"reference_url":"http://jvn.jp/en/jp/JVN19294237/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual
","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19294237/index.html"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0094.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0094","reference_id":"","reference_type":"","scores":[{"value":"0.93134","scoring_system":"epss","scoring_elements":"0.99799","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0094"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f"},{"reference_url":"https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729
e0f033dc147"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-020.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-020.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"},{"reference_url":"http://www.konakart.com/downloads/ver-7-3-0-0-whats-new","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.konakart.com/downloads/ver-7-3-0-0-whats-new"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-000
7.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1073716","reference_id":"1073716","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1073716"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0094","reference_id":"CVE-2014-0094","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0094"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb","reference_id":"CVE-2014-0113;CVE-2014-0112;CVE-2014-0094;OSVDB-103918","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33142.rb"},{"reference_url":"https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb","reference_id":"CVE-2014-0114;CVE-2014-0112;CVE-2014-0094","reference_type":"exploit","scores":[],"url":"https://github.com/rapid7/metasploit-framework/blob/3123175ac75c38bec5165e01cda05e3b38287003/modules/exploits/multi/http/struts_code_exec_classloader.rb"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb","reference_id":"CVE-2014-0114;CVE-2014-0112;CVE-2014-0094","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/41690.rb"},{"reference_url":"https://github.com/advisories/GHSA-vrwc-qjmw-5rjm","reference_id":"GHSA-vrwc-qjmw-5rjm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vrwc-qjmw-5rjm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50677?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-ey
em"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"}],"aliases":["CVE-2014-0094","GHSA-vrwc-qjmw-5rjm"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-knq3-w2wm-4uae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9712?format=json","vulnerability_id":"VCID-mw23-ujhz-a7cs","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2135","reference_id":"","reference_type":"","scores":[{"value":"0.83013","scoring_system":"epss","scoring_elements":"0.99272","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2135"},{"reference_url":"https://cwiki.apache.
org/confluence/display/WW/S2-015","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-015"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e"},{"reference_url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/01e6b251b4db78bfb7971033652e81d1af4cb3e0"},{"reference_url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/041206d2a693d02c0cb2e72765275e55ba14049f"},{"reference_url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/113c47082c09818bcef65acc436a2d0c7c47aa6c"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe"},{"reference_url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3","reference_id":"","reference_type":"","scores":[
{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/54e5c912ebd9a1599bfcf7a719da17c28127bbe3"},{"reference_url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/711cf0201cdd319a38cf29238913312355db29ba"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa3"},{"reference_url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/8b4fc81daeea3834bcbf73de5f48d0021917aa37"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c1"},{"reference_url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/cfb6e9afbae320a4dd5bdd655154ab9fe5a92c16"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4090","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4090"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4094","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elem
ents":""}],"url":"https://issues.apache.org/jira/browse/WW-4094"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4095","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4095"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-015.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-015.html"},{"reference_url":"http://struts.apache.org/docs/s2-015.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-015.html"},{"reference_url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140410223942/http://www.securityfocus.com/bid/64758"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2135","reference_id":"CVE-2013-2135","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2135"},{"reference_url":"https://github.com/advisories/GHSA-pw8r-x2qm-3h5m","reference_id":"GHSA-p
w8r-x2qm-3h5m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pw8r-x2qm-3h5m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50415?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-1xze-jfs9-yyba"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-sgb7-h4sp-dbgf"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/stru
ts2-core@2.3.14.3"}],"aliases":["CVE-2013-2135","GHSA-pw8r-x2qm-3h5m"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mw23-ujhz-a7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22068?format=json","vulnerability_id":"VCID-mxqs-9njm-hbhq","summary":"Apache Struts 2 is Missing XML Validation\nMissing XML Validation vulnerability in Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.\n\nUsers are recommended to upgrade to version 6.1.1, which fixes the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1023","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68493"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-069","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-069"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":
"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/01/11/2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/01/11/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559","reference_id":"2428559","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428559"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493","reference_id":"CVE-2025-68493","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68493"},{"reference_url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7","reference_id":"GHSA-qcfc-hmrc-59x7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcfc-hmrc-59x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/111057?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5-BETA1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resour
ce_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5-BETA1"},{"url":"http://public2.vulnerablecode.io/api/packages/72104?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1"}],"aliases":["CVE-2025-68493","GHSA-qcfc-hmrc-59x7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxqs-9njm-hbhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14411?format=json","vulnerability_id":"VCID-nb8f-hdtw-9fdk","summary":"Improperly Controlled Modification of Dynamically-Determined Object Attributes\nApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code 
execution.","references":[{"reference_url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html"},{"reference_url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0230.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0230","reference_id":"","reference_type":"","scores":[{"value":"0.93849","scoring_system":"epss","scoring_elements":"0.99875","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0230"},{"reference_url":"https://cwiki.apache.org/confluence/display/ww/s2-059","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/ww/s2-059"},{"reference_url":"https://github.com/apache/struts","reference_id":"","r
eference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2982840","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.support.sap.com/#/notes/2982840"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuAp
r2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869672","reference_id":"1869672","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869672"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py","reference_id":"CVE-2019-0230","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/49068.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230","reference_id":"CVE-2019-0230","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230"},{"reference_url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727","reference_id":"GHSA-wp4h-pvgw-5727","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58678?format=json","purl":"pkg:maven/org.apache.str
uts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2019-0230","GHSA-wp4h-pvgw-5727"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nb8f-hdtw-9fdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/21799?format=json","vulnerability_id":"VCID-nfn8-r3bb-kka7","summary":"Apache Struts has a Denial of Service vulnerability\nDenial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.\n\nThis issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.\n\nUsers are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66675","reference_id":"","reference_type":"","scores":[{"value":"0.00201","scoring_system":"epss","scoring_elements":"0.42101","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66675"},{"reference_url":"https://cve.org/CVERecord?id=CVE-2025-64775","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/"}],"url":"https://cve.org/CVERecord?id=CVE-2025-64775"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-068","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-068"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/831568929cfba700f
790f6ebe6e335f9f33fb468"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66675","reference_id":"CVE-2025-66675","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66675"},{"reference_url":"https://github.com/advisories/GHSA-rg58-xhh7-mqjw","reference_id":"GHSA-rg58-xhh7-mqjw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg58-xhh7-mqjw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71474?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.8.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/71475?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@7.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1"}],"aliases":["CVE-2025-66675","GHSA-rg58-xhh7-mqjw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfn8-r3bb-kka7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10428?format=json","vulnerability_id":"VCID-nqwc-36ke-b3ff","summary":"XSS via malicious action parameter\nMultiple cross-site scripting (XSS) vulnerabilities in this package allow remote attackers to inject arbitrary web script or HTML via the namespace parameter to `actionNames.action` and `showConfig.action` in 
`config-browser/`.","references":[{"reference_url":"http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/123805/Struts-2.3.15.3-Cross-Site-Scripting.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"0.02766","scoring_system":"epss","scoring_elements":"0.86282","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6348"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6348"},{"reference_url":"http://seclists.org/fulldisclosure/2013/Oct/244","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2013/Oct/244"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4213","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4213"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-6348"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","sc
oring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2013-6348"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1533354","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1533354"},{"reference_url":"https://ubuntu.com/security/CVE-2013-6348","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/security/CVE-2013-6348"},{"reference_url":"https://github.com/advisories/GHSA-3g8j-jj54-3vjg","reference_id":"GHSA-3g8j-jj54-3vjg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3g8j-jj54-3vjg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51618?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"
},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16"}],"aliases":["CVE-2013-6348","GHSA-3g8j-jj54-3vjg"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nqwc-36ke-b3ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9782?format=json","vulnerability_id":"VCID-pjw9-sxen-b3cu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0785.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0785","reference_id":"","reference_type":"","scores":[{"value":"0.17798","scoring_system":"epss","scoring_elements":"0.95244","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0785"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/a
pache/struts"},{"reference_url":"https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/15857a69e7baf3675804495a5954cd0756ac8364"},{"reference_url":"http://struts.apache.org/docs/s2-029.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/docs/s2-029.html"},{"reference_url":"https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095715/http://www.securityfocus.com/bid/85066"},{"reference_url":"https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220118185853/http://www.securitytracker.com/id/1035271"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326720","reference_id":"1326720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1326720"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0785","reference_id":"CVE-2016-0785","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","s
coring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0785"},{"reference_url":"https://github.com/advisories/GHSA-876p-4wgc-75rx","reference_id":"GHSA-876p-4wgc-75rx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-876p-4wgc-75rx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51621?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51574?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v
76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/51620?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability"
:"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.28"}],"aliases":["CVE-2016-0785","GHSA-876p-4wgc-75rx"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjw9-sxen-b3cu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9750?format=json","vulnerability_id":"VCID-pmr8-6zz1-ryf2","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1965","reference_id":"","reference_type":"","scores":[{"value":"0.91789","scoring_system":"epss","scoring_elements":"0.99701","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1965"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=967655","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=967655"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/7e6f641ebb142663cbd1653dc49bed725edf7f56"},{"reference_url":"http://struts.apache.org/development/2.x/docs/s2-012.html","reference_id":"",
"reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/development/2.x/docs/s2-012.html"},{"reference_url":"http://struts.apache.org/docs/s2-012.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-012.html"},{"reference_url":"https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140227231557/http://www.securityfocus.com/bid/60082"},{"reference_url":"http://www.securityfocus.com/bid/60082","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/60082"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1965","reference_id":"CVE-2013-1965","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1965"},{"reference_url":"https://github.com/advisories/GHSA-whmq-v94q-34p9","reference_id":"GHSA-whmq-v94q-34p9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-whmq-v94q-34p9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50415?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-1xze-jfs9-yyba"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":
"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-sgb7-h4sp-dbgf"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.14.3"}],"aliases":["CVE-2013-1965","GHSA-whmq-v94q-34p9"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmr8-6zz1-ryf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10165?format=json","vulnerability_id":"VCID-q9p6-sxpv-g7gp","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000110"},{"reference_url":"http://jvn.jp/en/jp/JVN07710476/index.html","reference_id":"","reference_type":"","scores":[{"value":"9
.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN07710476/index.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4438.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4438","reference_id":"","reference_type":"","scores":[{"value":"0.62087","scoring_system":"epss","scoring_elements":"0.9837","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4438"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348238","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1348238"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c","reference_id":"","reference_type":"
","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/6d7ac40dcede1793a4534a3dc249fd562d495e8c"},{"reference_url":"https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/76eb8f38a33ad0f1f48464ee1311559c8d52dd6d"},{"reference_url":"https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/c9c21378f2fb2ff21355c128c45e106ebd87ad7c"},{"reference_url":"https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/deefeffd11425f0cd0b797cd86a9b3550234262b"},{"reference_url":"https://struts.apache.org/docs/s2-037.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-037.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4438","reference_
id":"CVE-2016-4438","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4438"},{"reference_url":"https://github.com/advisories/GHSA-4prj-vw9j-v6pr","reference_id":"GHSA-4prj-vw9j-v6pr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4prj-vw9j-v6pr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51748?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.29"}],"aliases":["CVE-2016-4438","GHSA-4prj-vw9j-v6pr"],"risk_score":0.3,"exploitability":"0.5","weighted_severity":"0.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q9p6-sxpv-g7gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17800?format=json","vulnerability_id":"VCID-rxsu-5hkz-ube8","summary":"Apache Struts vulnerable to memory exhaustion\nDenial of service via out of memory (OOM) owing to not properly checking of list bounds. 
When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to OOM if a developer has set struts.multipart.maxSize to a value equal to or greater than the available memory.\n\nUpgrade to Struts 2.5.31 or 6.1.2.1 or greater.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34149","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20766","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34149"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-063","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-063"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21"},{"reference_url"
:"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_2_5_31"},{"reference_url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/releases/tag/STRUTS_6_1_2_1"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/06/14/2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/06/14/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34149","reference_id":"CVE-2023-34149","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","
scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34149"},{"reference_url":"https://github.com/advisories/GHSA-8f6x-v685-g2xc","reference_id":"GHSA-8f6x-v685-g2xc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f6x-v685-g2xc"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230706-0005/","reference_id":"ntap-20230706-0005","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:02:16Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230706-0005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64296?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.31"},{"url":"http://public2.vulnerablecode.io/api/packages/64297?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.1"}],"aliases":["CVE-2023-34149","GHSA-8f6x-v685-g2xc"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rxsu-5hkz-ube8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16396?format=json","vulner
ability_id":"VCID-sd6f-umkv-ffc2","summary":"Improper Input Validation\nThe TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3090","reference_id":"","reference_type":"","scores":[{"value":"0.02195","scoring_system":"epss","scoring_elements":"0.84682","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3090"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0005","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180629-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180629-0005/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180629-0005/"},{"reference_url":"https://struts.apache.org/docs/s2-027.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://struts.apache.org/docs/s2-027.html"},{"reference_url":"https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_
elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210123095942/http://www.securityfocus.com/bid/85131"},{"reference_url":"https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20211206100940/https://www.securitytracker.com/id/1035267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3090","reference_id":"CVE-2016-3090","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3090"},{"reference_url":"https://github.com/advisories/GHSA-ggmp-fxfg-277r","reference_id":"GHSA-ggmp-fxfg-277r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggmp-fxfg-277r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/51012?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":
"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-h3mw-239q-cbgn"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2016-3090","GHSA-ggmp-fxfg-277r"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sd6f-umkv-ffc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9736?format=json","vulnerability_id":"VCID-sgb7-h4sp-dbgf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2248","reference_id":"","reference_type":"","scores":[{"value":"0.91954","scoring_system":"epss","scoring_elements":"0.99712","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2248"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/3cfe34fefedcf0fdcfcb061c0aea34a715b7de6"},{"reference_url":"https://github.com/apache/st
ruts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/630e1ba065a8215c4e9ac03bfb09be9d655c2b6e"},{"reference_url":"https://issues.apache.org/jira/browse/WW-4140","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-4140"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2248"},{"reference_url":"http://struts.apache.org/docs/s2-017.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-017.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-017.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-017.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt","reference_id":"CVE-2013-2248;OSVDB-95406","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38666.txt"},{"reference_url":"https://www.securityfocus.com/bid/61196/info","reference_id":"CVE-2013-2248;OSVDB-95406","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/61196/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50419?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p
29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.1"}],"aliases":["CVE-2013-2248","GHSA-rpj9-r897-wc6q"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgb7-h4sp-dbgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135659?format=json","vulnerability_id":"VCID-t9vy-6y7q-e3ac","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json","reference_id":"","reference_
type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0233","reference_id":"","reference_type":"","scores":[{"value":"0.0778","scoring_system":"epss","scoring_elements":"0.92087","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0233"},{"reference_url":"https://cwiki.apache.org/confluence/display/ww/s2-060","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/ww/s2-060"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2982840","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.support.sap.com/#/notes/2982840"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0233","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0233"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/
security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869682","reference_id":"1869682","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1869682"},{"reference_url":"https://github.com/advisories/GHSA-ccp5-gg58-pxfm","reference_id":"GHSA-ccp5-gg58-pxfm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ccp5-gg58-pxfm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58678?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-uza5-qvgq-a3gm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2019-0233","GHSA-ccp5-gg58-pxfm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9vy-6y7q-e3ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10118?format=json",
"vulnerability_id":"VCID-ubk6-8mnk-bqet","summary":"","references":[{"reference_url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045"},{"reference_url":"http://jvn.jp/en/jp/JVN19294237/index.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://jvn.jp/en/jp/JVN19294237/index.html"},{"reference_url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0910","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0910"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0112","reference_id":"","reference_type":"","scores":[{"value":"0.91525","scoring_system":"epss","scoring_elements":"0.99685","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0112"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091939","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1091939"},{"referenc
e_url":"https://cwiki.apache.org/confluence/display/WW/S2-021","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-021"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0112","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0112"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112","reference_id":"","reference_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html","reference_id":"","reference_type":"
","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2014-0007.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50677?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/51012?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xh
e-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-h3mw-239q-cbgn"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0112","GHSA-prjv-jj26-wf8h"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubk6-8mnk-bqet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18992?format=json","vulnerability_id":"VCID-uza5-qvgq-a3gm","summary":"Files or Directories Accessible to External Parties\nAn attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.\nUsers are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this 
issue.","references":[{"reference_url":"http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50164","reference_id":"","reference_type":"","scores":[{"value":"0.92896","scoring_system":"epss","scoring_elements":"0.99777","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50164"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-066","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-066"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163"},{"reference_url":"https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6"},{"reference_url":"https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231214-0010","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231214-0010"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/12/07/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/12/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/07/1","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elemen
ts":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/07/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253938","reference_id":"2253938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253938"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50164","reference_id":"CVE-2023-50164","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50164"},{"reference_url":"https://github.com/advisories/GHSA-2j39-qcjm-428w","reference_id":"GHSA-2j39-qcjm-428w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j39-qcjm-428w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66888?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-vjz7-vh5w-aygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33"},{"url":"http://public2.vulnerablecode.io/api/packages/66889?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@6.3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-nfn8-r3bb-kka7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2"}],"aliases":["CVE-2023-50164","GHSA-2j39-qcjm-428w"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.8","resourc
e_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uza5-qvgq-a3gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10197?format=json","vulnerability_id":"VCID-y65y-kv8s-q3ef","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4310.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4310","reference_id":"","reference_type":"","scores":[{"value":"0.08725","scoring_system":"epss","scoring_elements":"0.92624","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4310"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/0c8366cb792227d484b9ca13e537037dd0cb57dc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4310","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4310"},{"reference_url":"http://struts.apache.org/docs/s2-018.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-018.html"},{"reference_url":"http://struts.apache.org/release/2.3.x/docs/s2-018.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/release/2.3.x/docs/s2-018.html"},{"reference_url":"https://bugzilla.redh
at.com/show_bug.cgi?id=1013030","reference_id":"1013030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1013030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50523?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.15.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-ycjb-zszd-4ufy"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.15.3"}],"aliases":["CVE-2013-4310","GHSA-q5q8-jghf-3pm3"],"risk_score":0.1,"exploitability":"0.5","weig
hted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y65y-kv8s-q3ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9930?format=json","vulnerability_id":"VCID-zkdp-x1s4-jbbx","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0113","reference_id":"","reference_type":"","scores":[{"value":"0.82455","scoring_system":"epss","scoring_elements":"0.99249","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0113"},{"reference_url":"https://cwiki.apache.org/confluence/display/WW/S2-021","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cwiki.apache.org/confluence/display/WW/S2-021"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/commit/74e26830d2849a84729b33497f729e0f033dc147"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0113","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0113"},{"reference_url":"http://struts.apache.org/docs/s2-021.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-021.html"},{"reference_url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113","reference_id":"","ref
erence_type":"","scores":[],"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21676706"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092201","reference_id":"1092201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1092201"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50677?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{
"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/51012?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-d7b9-rv1g-qkfp"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fdat-drnp-yudv"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-h3mw-239q-cbgn"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-n7x9-wj56-a7gr"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-vurd-7tee-e7a9"},{"vulnerability":"VCID-ycjb-zszd-4ufy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.20"}],"aliases":["CVE-2014-0113","GHSA-3c5c-xrq4-qhr8"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkdp-x1s4-jbbx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9798?format=json","vulnerab
ility_id":"VCID-6f4g-r6bc-63fg","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4387","reference_id":"","reference_type":"","scores":[{"value":"0.07916","scoring_system":"epss","scoring_elements":"0.92163","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4387"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78183","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78183"},{"reference_url":"https://github.com/apache/struts","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts"},{"reference_url":"https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/80e03182d66d9e6ab18f9a9a9b3c42725a1c89e9"},{"reference_url":"https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/87935af56a27235e9399308ee1fcfb74f8edcefa"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3860","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3860"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4387","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4387"},{"reference_url":"http:
//struts.apache.org/2.x/docs/s2-011.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-011.html"},{"reference_url":"http://struts.apache.org/docs/s2-011.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-011.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/5"},{"reference_url":"https://github.com/advisories/GHSA-hrgc-54mv-58gv","reference_id":"GHSA-hrgc-54mv-58gv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hrgc-54mv-58gv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50192?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-1xze-jfs9-yyba"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-6b94-6fkt-afdu"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{
"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-gbqn-ywy3-d7cu"},{"vulnerability":"VCID-hkhz-8ee5-57fm"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mw23-ujhz-a7cs"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-pmr8-6zz1-ryf2"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-sgb7-h4sp-dbgf"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1"}],"aliases":["CVE-2012-4387","GHSA-hrgc-54mv-58gv"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6f4g-r6bc-63fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10310?format=json","vulnerability_id":"VCID-pr67-cm26-w7hm","summary":"CSRF protection bypass\nThe token check mechanism in this package does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session 
attribute.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4386","reference_id":"","reference_type":"","scores":[{"value":"0.03235","scoring_system":"epss","scoring_elements":"0.87302","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4386"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78182","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78182"},{"reference_url":"https://issues.apache.org/jira/browse/WW-3858","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WW-3858"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4386","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4386"},{"reference_url":"http://struts.apache.org/2.x/docs/s2-010.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://struts.apache.org/2.x/docs/s2-010.html"},{"reference_url":"http://struts.apache.org/docs/s2-010.html","reference_id":"","reference_type":"","scores":[],"url":"http://struts.apache.org/docs/s2-010.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/01/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/li
sts/oss-security/2012/09/01/5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50192?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1tfj-xmkp-bbfr"},{"vulnerability":"VCID-1xhe-mz8d-eyem"},{"vulnerability":"VCID-1xze-jfs9-yyba"},{"vulnerability":"VCID-2p29-qaqw-9fa9"},{"vulnerability":"VCID-2qup-v76d-8bge"},{"vulnerability":"VCID-3q92-5sz9-2kd3"},{"vulnerability":"VCID-6b94-6fkt-afdu"},{"vulnerability":"VCID-86yh-tym8-f3hh"},{"vulnerability":"VCID-8huk-86a6-27cw"},{"vulnerability":"VCID-8zze-44sk-audx"},{"vulnerability":"VCID-aaet-jdfc-mbek"},{"vulnerability":"VCID-b4nv-2pd9-pqdw"},{"vulnerability":"VCID-c5xy-yhrn-fqf2"},{"vulnerability":"VCID-ce3p-yaze-v7fy"},{"vulnerability":"VCID-dzkb-wjvw-qufb"},{"vulnerability":"VCID-ee2d-r8vy-skhq"},{"vulnerability":"VCID-es18-pf68-h3de"},{"vulnerability":"VCID-ev69-3d1j-nuac"},{"vulnerability":"VCID-f4kx-q41m-5qer"},{"vulnerability":"VCID-fmf4-k1py-g7fh"},{"vulnerability":"VCID-gbqn-ywy3-d7cu"},{"vulnerability":"VCID-hkhz-8ee5-57fm"},{"vulnerability":"VCID-hszd-513t-xucj"},{"vulnerability":"VCID-huug-6mey-9fgz"},{"vulnerability":"VCID-jyrs-6kjh-3qfa"},{"vulnerability":"VCID-k6eu-y8xc-5kbj"},{"vulnerability":"VCID-knq3-w2wm-4uae"},{"vulnerability":"VCID-mw23-ujhz-a7cs"},{"vulnerability":"VCID-mxqs-9njm-hbhq"},{"vulnerability":"VCID-nb8f-hdtw-9fdk"},{"vulnerability":"VCID-nfn8-r3bb-kka7"},{"vulnerability":"VCID-nqwc-36ke-b3ff"},{"vulnerability":"VCID-pjw9-sxen-b3cu"},{"vulnerability":"VCID-pmr8-6zz1-ryf2"},{"vulnerability":"VCID-q9p6-sxpv-g7gp"},{"vulnerability":"VCID-rxsu-5hkz-ube8"},{"vulnerability":"VCID-sd6f-umkv-ffc2"},{"vulnerability":"VCID-sgb7-h4sp-dbgf"},{"vulnerability":"VCID-t9vy-6y7q-e3ac"},{"vulnerability":"VCID-ubk6-8mnk-bqet"},{"vulnerability":"VCID-uza5-qvgq-a3gm"},{"vulnerability":"VCID-y65y-kv8s-q3ef"},{"vulnerability":"VCID-zkdp-x1s4-jbbx"}],"resource_url":"http://public2.vulnerablecode
.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1"}],"aliases":["CVE-2012-4386","GHSA-2rvh-q539-q33v"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pr67-cm26-w7hm"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.3.4.1"}