{"url":"http://public2.vulnerablecode.io/api/packages/59699?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","type":"maven","namespace":"org.apache.struts","name":"struts2-core","version":"2.5.22","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.5.26","latest_non_vulnerable_version":"7.1.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42991?format=json","vulnerability_id":"VCID-4bm7-hbe1-mfca","summary":"Unrestricted Upload of File with Dangerous Type\nA local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592"},{"reference_url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/struts/blob/master/core/src/main/resources/struts-default.xml#L39-L76"},{"reference_url":"https://issues.apache.org/jira/browse/WW-5055","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/jira/browse/WW-5055"},{"reference_url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r593ebb2f4c95b064e6901fd273eff256c493db952bdb484395948ffc@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E"},{"reference_url":"https://seclists.org/bugtraq/2012/Mar/110","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2012/Mar/110"},{"reference_url":"https://struts.apache.org/security/#internal-security-mechanism","reference_id":"","reference_type":"","scores":[],"url":"https://struts.apache.org/security/#internal-security-mechanism"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/03/28/12","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/03/28/12"},{"reference_url":"https://access.redhat.com/security/cve/cve-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/cve-2012-1592"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1592"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2012-1592","reference_id":"CVE-2012-1592","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2012-1592"},{"reference_url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf","reference_id":"GHSA-8m5q-crqq-6pmf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8m5q-crqq-6pmf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59699?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2012-1592","GHSA-8m5q-crqq-6pmf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bm7-hbe1-mfca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41798?format=json","vulnerability_id":"VCID-7hxh-btrk-skhg","summary":"Improperly Controlled Modification of Dynamically-Determined Object Attributes\nApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.","references":[{"reference_url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html"},{"reference_url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html"},{"reference_url":"https://cwiki.apache.org/confluence/display/ww/s2-059","reference_id":"","reference_type":"","scores":[],"url":"https://cwiki.apache.org/confluence/display/ww/s2-059"},{"reference_url":"https://launchpad.support.sap.com/#/notes/2982840","reference_id":"","reference_type":"","scores":[],"url":"https://launchpad.support.sap.com/#/notes/2982840"},{"reference_url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230","reference_id":"CVE-2019-0230","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0230"},{"reference_url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727","reference_id":"GHSA-wp4h-pvgw-5727","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wp4h-pvgw-5727"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59699?format=json","purl":"pkg:maven/org.apache.struts/struts2-core@2.5.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}],"aliases":["CVE-2019-0230","GHSA-wp4h-pvgw-5727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7hxh-btrk-skhg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.22"}