Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.apache.struts/struts2-core@2.5.32
Typemaven
Namespaceorg.apache.struts
Namestruts2-core
Version2.5.32
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.8.0
Latest_non_vulnerable_version7.1.1
Affected_by_vulnerabilities
0
url VCID-8cmt-z8g9-duf2
vulnerability_id VCID-8cmt-z8g9-duf2
summary 
Apache Struts 2 is Missing XML Validation
Missing XML Validation vulnerability in Apache Struts, Apache Struts.

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

Users are recommended to upgrade to version 6.1.1, which fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68493.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10195
published_at 2026-06-07T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10211
published_at 2026-06-05T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10232
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68493
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-069
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T13:52:42Z/
url https://cwiki.apache.org/confluence/display/WW/S2-069
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url http://www.openwall.com/lists/oss-security/2026/01/11/2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/01/11/2
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
reference_id 2428559
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428559
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
reference_id CVE-2025-68493
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-68493
7
reference_url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
reference_id GHSA-qcfc-hmrc-59x7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcfc-hmrc-59x7
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.1.1
purl pkg:maven/org.apache.struts/struts2-core@6.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gvwn-8r4r-47gm
1
vulnerability VCID-mvdz-exud-3ybz
2
vulnerability VCID-renj-v5ce-2khx
3
vulnerability VCID-wzez-6cmp-n7gn
4
vulnerability VCID-z9v1-pwvn-2bcy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.1
aliases CVE-2025-68493, GHSA-qcfc-hmrc-59x7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8cmt-z8g9-duf2
1
url VCID-gvwn-8r4r-47gm
vulnerability_id VCID-gvwn-8r4r-47gm
summary 
Apache Struts has a Denial of Service vulnerability
Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.42166
published_at 2026-06-05T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42149
published_at 2026-06-07T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42176
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-66675
1
reference_url https://cve.org/CVERecord?id=CVE-2025-64775
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cve.org/CVERecord?id=CVE-2025-64775
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-068
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:52:50Z/
url https://cwiki.apache.org/confluence/display/WW/S2-068
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/831568929cfba700f790f6ebe6e335f9f33fb468
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
reference_id CVE-2025-66675
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-66675
6
reference_url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
reference_id GHSA-rg58-xhh7-mqjw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg58-xhh7-mqjw
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.8.0
purl pkg:maven/org.apache.struts/struts2-core@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.8.0
1
url pkg:maven/org.apache.struts/struts2-core@7.1.1
purl pkg:maven/org.apache.struts/struts2-core@7.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@7.1.1
aliases CVE-2025-66675, GHSA-rg58-xhh7-mqjw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvwn-8r4r-47gm
2
url VCID-mvdz-exud-3ybz
vulnerability_id VCID-mvdz-exud-3ybz
summary 
Files or Directories Accessible to External Parties
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
references
0
reference_url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50164.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
reference_id
reference_type
scores
0
value 0.92896
scoring_system epss
scoring_elements 0.99778
published_at 2026-06-06T12:55:00Z
1
value 0.93657
scoring_system epss
scoring_elements 0.9985
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-50164
3
reference_url https://cwiki.apache.org/confluence/display/WW/S2-066
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://cwiki.apache.org/confluence/display/WW/S2-066
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163
6
reference_url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6
7
reference_url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
8
reference_url https://security.netapp.com/advisory/ntap-20231214-0010
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231214-0010
9
reference_url https://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/12/07/1
10
reference_url http://www.openwall.com/lists/oss-security/2023/12/07/1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/07/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
reference_id 2253938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2253938
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
reference_id CVE-2023-50164
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-50164
13
reference_url https://github.com/advisories/GHSA-2j39-qcjm-428w
reference_id GHSA-2j39-qcjm-428w
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j39-qcjm-428w
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.33
purl pkg:maven/org.apache.struts/struts2-core@2.5.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-16yc-2abk-1yd2
1
vulnerability VCID-8cmt-z8g9-duf2
2
vulnerability VCID-gvwn-8r4r-47gm
3
vulnerability VCID-z9v1-pwvn-2bcy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.33
1
url pkg:maven/org.apache.struts/struts2-core@6.3.0.2
purl pkg:maven/org.apache.struts/struts2-core@6.3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gvwn-8r4r-47gm
1
vulnerability VCID-z9v1-pwvn-2bcy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.2
aliases CVE-2023-50164, GHSA-2j39-qcjm-428w
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mvdz-exud-3ybz
3
url VCID-z9v1-pwvn-2bcy
vulnerability_id VCID-z9v1-pwvn-2bcy
summary 
Apache Struts file upload logic is flawed
File upload logic is flawed vulnerability in Apache Struts. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

This issue affects Apache Struts: from 2.0.0 before 6.4.0.

Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload. If you are not using an old file upload logic based on FileuploadInterceptor your application is safe.

You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067 .
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53677.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
reference_id
reference_type
scores
0
value 0.93188
scoring_system epss
scoring_elements 0.99808
published_at 2026-06-07T12:55:00Z
1
value 0.93188
scoring_system epss
scoring_elements 0.99807
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53677
2
reference_url https://cwiki.apache.org/confluence/display/WW/S2-067
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-12T15:19:19Z/
url https://cwiki.apache.org/confluence/display/WW/S2-067
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
5
reference_url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
6
reference_url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
7
reference_url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
8
reference_url https://security.netapp.com/advisory/ntap-20250103-0005
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250103-0005
9
reference_url https://struts.apache.org/core-developers/file-upload
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://struts.apache.org/core-developers/file-upload
10
reference_url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
reference_id 2331686
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331686
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
reference_id CVE-2024-53677
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:A/V:C/RE:L/U:Red
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53677
13
reference_url https://github.com/advisories/GHSA-43mq-6xmg-29vm
reference_id GHSA-43mq-6xmg-29vm
reference_type
scores
url https://github.com/advisories/GHSA-43mq-6xmg-29vm
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@6.4.0
purl pkg:maven/org.apache.struts/struts2-core@6.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gvwn-8r4r-47gm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.4.0
aliases CVE-2024-53677, GHSA-43mq-6xmg-29vm
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z9v1-pwvn-2bcy
Fixing_vulnerabilities
0
url VCID-78xk-z9kk-cqge
vulnerability_id VCID-78xk-z9kk-cqge
summary 
Incomplete Cleanup
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied.
Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41835.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41835.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-41835
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.45192
published_at 2026-06-07T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45212
published_at 2026-06-06T12:55:00Z
2
value 0.00224
scoring_system epss
scoring_elements 0.45209
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-41835
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
4
reference_url https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
5
reference_url https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
6
reference_url https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
7
reference_url https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:55:29Z/
url https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
8
reference_url https://security.netapp.com/advisory/ntap-20231013-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231013-0001
9
reference_url https://www.openwall.com/lists/oss-security/2023/12/09/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:55:29Z/
url https://www.openwall.com/lists/oss-security/2023/12/09/1
10
reference_url http://www.openwall.com/lists/oss-security/2023/12/09/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/09/1
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252931
reference_id 2252931
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252931
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-41835
reference_id CVE-2023-41835
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-41835
13
reference_url https://github.com/advisories/GHSA-729q-fcgp-r5xh
reference_id GHSA-729q-fcgp-r5xh
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-729q-fcgp-r5xh
fixed_packages
0
url pkg:maven/org.apache.struts/struts2-core@2.5.32
purl pkg:maven/org.apache.struts/struts2-core@2.5.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8cmt-z8g9-duf2
1
vulnerability VCID-gvwn-8r4r-47gm
2
vulnerability VCID-mvdz-exud-3ybz
3
vulnerability VCID-z9v1-pwvn-2bcy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.32
1
url pkg:maven/org.apache.struts/struts2-core@6.1.2.2
purl pkg:maven/org.apache.struts/struts2-core@6.1.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gvwn-8r4r-47gm
1
vulnerability VCID-mvdz-exud-3ybz
2
vulnerability VCID-z9v1-pwvn-2bcy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.1.2.2
2
url pkg:maven/org.apache.struts/struts2-core@6.3.0.1
purl pkg:maven/org.apache.struts/struts2-core@6.3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gvwn-8r4r-47gm
1
vulnerability VCID-mvdz-exud-3ybz
2
vulnerability VCID-z9v1-pwvn-2bcy
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@6.3.0.1
aliases CVE-2023-41835, GHSA-729q-fcgp-r5xh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78xk-z9kk-cqge
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-core@2.5.32