Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
maven org.apache.struts:struts2-core Security Advisories
Loading...
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 4 months ago
GSA_kwCzR0hTQS0yajM5LXFjam0tNDI4d84AA3mt
Apache Struts vulnerable to path traversalEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 4 months ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 months ago
GSA_kwCzR0hTQS03MjlxLWZjZ3AtcjV4aM4AA3kR
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerabilityEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 months ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 10 months ago
GSA_kwCzR0hTQS04ZjZ4LXY2ODUtZzJ4Y84AAz2D
Apache Struts vulnerable to memory exhaustionEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 10 months ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 10 months ago
GSA_kwCzR0hTQS00ZzQyLWdxcmctNDYzM84AAz2O
Apache Struts vulnerable to memory exhaustionEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 10 months ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: almost 2 years ago
GSA_kwCzR0hTQS1jY3A1LWdnNTgtcHhmbc4AAl6h
Improper Preservation of Permissions in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS0yNjVyLXBwODMtZ3d3N84AAjsD
Cross-site Scripting in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1qZ2NyLTljMnEtcnZwOM4AAgP6
Apache Struts is vulnerable to Cross-site ScriptingEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS13djdnLXhodnctOGhjcM4AAgPc
Apache Struts directory traversal vulnerabilityEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS01NmY4LWc2OHItajY5Oc4AAf1H
Cross-site Scripting in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS0zZzhqLWpqNTQtM3ZqZ84AAe4O
Apache Struts is vulnerable to Cross-site ScriptingEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1xNXE4LWpnaGYtM3BtM84AAekz
Apache Struts2 Broken Access Control VulnerabilityEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 2 years ago
GSA_kwCzR0hTQS0yajRxLTlmZmYtMjM2as4AAdCC
Apache Struts XSS VulnerabilityEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1wdm05LTI4OGMtdjV3cc4AAdBO
Remote Code Execution in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: ognl:ognl, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
GSA_kwCzR0hTQS0zODNwLXhxeHgtcnJtcM4AAdBJ
Denial of service in Apache StrutsEcosystems: maven
Packages: ognl:ognl, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1qN2g2LXhyN2ctbTJjNc4AAcrC
Code injection in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1ycGo5LXI4OTctd2M2cc4AAcSx
Open redirect in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
GSA_kwCzR0hTQS14bTkyLXYybXEtODQycc4AAa4Q
Apache Struts improper action name cleanupEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
GSA_kwCzR0hTQS14Zzc1LTY4eDMtN3Azcc4AAa4P
Apache Struts vulnerable to possible DoS attack when using URLValidatorEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS0ycnZoLXE1MzktcTMzds4AAaDY
Cross-Site Request Forgery in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1xMmNnLXhmOXAtaDQ1N84AAYyu
Incomplete exclude pattern in Apache StrutsEcosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: almost 2 years ago
GSA_kwCzR0hTQS00cWdqLTltdmctMzkyOc4AAWri
Special top object can be used to access Struts' internalsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 2 years ago
GSA_kwCzR0hTQS04NnZxLThxaGMtNXJxd84AAWrf
Apache Struts vulnerable to possible DoS attack when using URLValidatorEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1oNHY5LWpmMnItOWg2bc4AAWFk
Cross-Site Request Forgery in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1ncXFtLTU2NGYtdnZ4cc4AAUxj
Arbitrary code execution in Apache Struts 2Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 2 years ago
GSA_kwCzR0hTQS12d2h2LWozNmctNXJtOM4AAUxp
Cross-site Scripting in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1wdzhyLXgycW0tM2g1bc4AAUxe
Arbitrary code execution in Apache Struts 2Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1tM3g2LTl2NmgtNGcyOM4AAUxh
Cross-site Scripting in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1td3J4LWh4NngtM2hods4AAUpl
Apache Struts Code injection due to conversion errorEcosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1wcmp2LWpqMjYtd2Y4aM4AATRB
ClassLoader manipulation in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS13aG1xLXY5NHEtMzRwOc4AATQ8
Improper Control of Generation of Code in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS03Mzd3LW1oNTgtY3hqcM4AATQ_
Arbitrary code execution in Apache StrutsEcosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS0zYzVjLXhycTQtcWhyOM4AATQ2
ClassLoader manipulation in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS12cndjLXFqbXctNXJqbc4AATRA
ClassLoader manipulation in Apache StrutsEcosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 2 years ago
GSA_kwCzR0hTQS04YzZqLWZmbWYtcTZ2bc4AATRI
Apache Struts RCE VulnerabilityEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1obWhxLTM4MnEtbXA1Ns4AATQ0
ClassLoader manipulation in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1tbWo2LWNqajQtaHByNc4AATRH
Apache Struts vulnerable to arbitrary remote code execution due to improper input validationEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
GSA_kwCzR0hTQS00cHJqLXZ3OWotdjZwcs4AATRG
Arbitrary code execution in Apache Struts 2Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: almost 2 years ago
GSA_kwCzR0hTQS04NzZwLTR3Z2MtNzVyeM4AATMB
Apache Struts RCE VulnerabilityEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 2 years ago
GSA_kwCzR0hTQS03Z2htLXJwYzctcDdnNc34jQ
Code injection in Apache StrutsEcosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS00N3FwLTh2OWctMzlocM32gA
Code injection in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS14NWZjLXBncHgtNTlqNc32hw
Server side object manipulation in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS0ycHBwLXhqMzQtdnZmN83e3A
Apache Struts's CookieInterceptor component does not use the parameter-name whitelistEcosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core, org.apache.struts.xwork:xwork-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1oeHFxLXc0bXItbWM2Ms3e2A
Apache Struts's ParameterInterceptor component does not prevent access to public constructorsEcosystems: maven
Packages: org.apache.struts:struts2-core, org.apache.struts.xwork:xwork-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS00d3JyLTloNXItbTkyd83e2w
Apache Struts Remote Java Code ExecutionEcosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: almost 2 years ago
GSA_kwCzR0hTQS04bTVxLWNycXEtNnBtZs1AOA
Unrestricted Upload of File with Dangerous Type in Apache Struts2Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1qNjhmLThoNnAtOWg1cc0-5A
Struts ParameterInterceptor vulnerability allows remote command executionEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
GSA_kwCzR0hTQS12OGo2LTZjMnItcjI3Y807Ew
Expression Language Injection in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjMzUtcTM2OS00NXB2
Remote code execution in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 2 years ago
GSA_kwCzR0hTQS13cDRoLXB2Z3ctNTcyN80Y7Q
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 2 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyNmotM2pwOS1ydzY1
Apache Struts vulnerable to remote command execution (RCE) due to improper input validationEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3N3EtMnFxZy02OTg5
Apache Struts vulnerable to remote arbitrary command execution due to improper input validationEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1eDctM3Y4NS13cGM0
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is usedEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
High
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcjUtaDI4Zy0zNnF4
Spring AOP functionality (Struts) vulnerable to DoS attackEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncDctanZtMi1yNG14
Apache Struts Improper Input Validation vulnerabilityEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeDktNWh4OC1jcmht
Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literalEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 5 years ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 4
Ecosystems: 12
Packages: 8,115
Repositories: 4
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
org.jenkins-ci.main:jenkins-core
189
org.apache.tomcat:tomcat
139
com.fasterxml.jackson.core:jackson-databind
69
org.apache.struts:struts2-core
55
com.liferay.portal:release.portal.bom
45
org.keycloak:keycloak-core
43
com.thoughtworks.xstream:xstream
36
com.jfinal:jfinal
36
net.mingsoft:ms-mcms
35
org.xwiki.platform:xwiki-platform-oldcore
34
org.elasticsearch:elasticsearch
32
org.apache.tomcat.embed:tomcat-embed-core
32
org.jenkins-ci.plugins:script-security
30
io.undertow:undertow-core
27
org.keycloak:keycloak-parent
26
org.keycloak:keycloak-services
26
org.apache.solr:solr-core
25
org.springframework.security:spring-security-core
23
org.eclipse.jetty:jetty-server
23
org.apache.nifi:nifi
22
org.apache.openmeetings:openmeetings-parent
21
org.cloudfoundry.identity:cloudfoundry-identity-server
20
org.springframework:spring-core
19
com.vaadin:vaadin-bom
18
org.bouncycastle:bcprov-jdk14
18
com.liferay.portal:release.dxp.bom
18
org.xwiki.platform:xwiki-platform-web-templates
17
org.apache.geode:geode-core
17
org.apache.dubbo:dubbo
16
org.apache.activemq:activemq-client
16
org.bouncycastle:bcprov-jdk15
16
org.apache.jspwiki:jspwiki-main
15
org.apache.struts.xwork:xwork-core
15
org.xwiki.platform:xwiki-platform-web
14
org.apache.cxf:cxf
13
org.apache.inlong:manager-pojo
13
org.apache.hadoop:hadoop-main
13
org.jenkins-ci.plugins.workflow:workflow-cps
12
org.apache.dolphinscheduler:dolphinscheduler
12
com.vaadin:flow-server
12
org.jenkins-ci.plugins:git
12
org.apache.jspwiki:jspwiki-war
11
org.apache.tika:tika-core
11
org.apache.camel:camel-core
11
org.mortbay.jetty:jetty
11
org.apache.cxf:cxf-core
11
org.apache.hadoop:hadoop-common
11
org.apache.james:james-server
11
org.apache.commons:commons-compress
11
org.igniterealtime.openfire:parent
11
com.xuxueli:xxl-job
11
org.jenkins-ci.plugins:email-ext
11
org.jeecgframework.boot:jeecg-boot-parent
11
org.apache.ranger:ranger
11
org.jeecgframework.boot:jeecg-boot-common
11
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
10
io.netty:netty
10
org.apache.inlong:manager-service
10
org.jboss.netty:netty
10
org.xwiki.platform:xwiki-platform-administration-ui
10
org.opencrx:opencrx-core-models
9
cn.hutool:hutool-core
9
org.apache.xmlgraphics:batik
9
org.apache.archiva:archiva
9
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
9
org.opennms:opennms
9
org.jenkins-ci.plugins:active-directory
9
org.apache.tapestry:tapestry-core
9
org.apache.shiro:shiro-core
9
io.jenkins:configuration-as-code
9
org.craftercms:crafter-studio
9
org.bouncycastle:bcprov-jdk15on
9
org.apache.hive:hive
9
org.jenkins-ci.plugins:config-file-provider
9
org.springframework:spring-webmvc
9
jquery
9
jquery-rails
9
org.jenkins-ci.plugins:electricflow
9
org.webjars.npm:jquery
9
com.hazelcast:hazelcast
8
org.apache.pdfbox:pdfbox
8
io.jenkins.blueocean:blueocean
8
org.opencms:opencms-core
8
org.apache.santuario:xmlsec
8
org.graylog2:graylog2-server
8
org.apache.ambari:ambari
8
org.jenkins-ci.plugins:ec2
8
org.apache.hive:hive-exec
8
org.apache.zeppelin:zeppelin
8
org.yaml:snakeyaml
8
org.springframework:spring-web
8
org.postgresql:postgresql
8
jQuery
8
mysql:mysql-connector-java
8
org.apache.tomcat:tomcat-catalina
8
org.apache.ozone:ozone-main
8
org.apache.kylin:kylin
8
org.jenkins-ci.plugins:openshift-deployer
7
org.jenkins-ci.plugins:jobConfigHistory
7
org.apache.derby:derby
7
jQuery.UI.Combined
7
org.apache.logging.log4j:log4j-core
7
org.apache.activemq:activemq-parent
7
io.jenkins.plugins:miniorange-saml-sp
7
org.jenkins-ci.plugins:artifactory
7
org.owasp.antisamy:antisamy
7
net.opentsdb:opentsdb
7
org.jenkins-ci.plugins:subversion
7
jquery-ui
7
io.jenkins.plugins:cavisson-ns-nd-integration
7
jquery-ui-rails
7
org.owasp.esapi:esapi
7
org.webjars.npm:jquery-ui
7
org.apache.cxf:apache-cxf
7
org.apache.tika:tika
7
org.jenkins-ci.plugins:rundeck
7
org.apache.atlas:atlas-common
7
org.silverpeas.core:silverpeas-core-web
7
org.apache.hive:hive-service
7
org.apache.poi:poi
7
org.jenkins-ci.plugins:mercurial
7
rubygems-update
7
org.jruby:jruby-stdlib
7
io.dataease:dataease-plugin-common
7
io.jenkins.plugins:warnings-ng
7
org.apache.spark:spark-core_2.11
7
org.apache.inlong:manager-web
7
org.apache.linkis:linkis
7
org.apache.karaf:apache-karaf
7
org.jeecgframework.boot:jeecg-boot-base
7
io.atomix:atomix
7
org.jboss.resteasy:resteasy-client
7
org.apache.tomcat:tomcat-coyote
7
org.apache.mesos:mesos
6
com.jflyfox:jflyfox_jfinal
6
tech.powerjob:powerjob
6
org.apache.storm:storm-core
6
org.apache.axis:axis
6
org.jenkins-ci.plugins:ec2-deployment-dashboard
6
org.apache.pulsar:pulsar-broker
6
org.jenkins-ci.plugins:gitlab-oauth
6
axis:axis
6
commons-fileupload:commons-fileupload
6
org.xwiki.commons:xwiki-commons-xml
6
org.apache.solr:solr-parent
6
org.opencastproject:opencast-kernel
6
org.apache.syncope:syncope-core
6
org.jenkins-ci.plugins:pipeline-maven
6
org.apache.httpcomponents:httpclient
6
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
6
org.csanchez.jenkins.plugins:kubernetes
6
org.jenkins-ci.plugins:azure-vm-agents
6
org.apache.spark:spark-core_2.10
6
org.opensearch.plugin:opensearch-security
6
io.netty:netty-codec-http
6
hudson.plugins:project-inheritance
6
cn.hutool:hutool-json
6
org.jenkins-ci.plugins:fortify-on-demand-uploader
6
org.apache.shenyu:shenyu-common
6
org.apache.struts:struts2-rest-plugin
6
de.tum.in.ase:artemis-java-test-sandbox
6
org.jenkins-ci.plugins:repository-connector
6
com.xebialabs.deployit.ci:deployit-plugin
6
io.netty:netty-handler
6
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
5
org.jenkins-ci.plugins:gitlab-plugin
5
org.jenkins-ci.plugins:websphere-deployer
5
com.mabl.integration.jenkins:mabl-integration
5
org.apache.druid:druid
5
org.jenkins-ci.plugins.m2release:m2release
5
xerces:xercesImpl
5
org.biouno:uno-choice
5
org.jenkins-ci.plugins:support-core
5
edu.stanford.nlp:stanford-corenlp
5
com.vaadin:vaadin-server
5
org.apache.kylin:kylin-server-base
5
org.jenkins-ci.plugins:delphix
5
org.jenkins-ci.plugins:matrix-project
5
org.jenkinsci.plugins:octoperf
5
org.jenkins-ci.plugins:google-login
5
com.alibaba:dubbo
5
org.opennms:opennms-webapp
5
org.jenkins-ci.plugins:htmlpublisher
5
org.neo4j.procedure:apoc
5
org.jeecgframework.boot:jeecg-boot-base-core
5
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
5
com.google.protobuf:protobuf-java
5
org.dspace:dspace-jspui
5
com.ruoyi:ruoyi
5
org.jboss.resteasy:resteasy-bom
5
org.apache.hadoop:hadoop-client
5
org.jenkins-ci.plugins:scriptler
5
org.jenkins-ci.plugins:ghprb
5
org.apache.inlong:manager-dao
5
org.apache.cassandra:cassandra-all
5
org.jenkins-ci.plugins:codedx
5
org.jenkins-ci.plugins:junit
5
info.magnolia:magnolia-core
5
org.codehaus.jettison:jettison
5
org.springframework.amqp:spring-amqp
5