Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2013-4316 — Code injection in Apache Struts · VulnScope

CVE-2013-4316

Code injection in Apache Struts

EPSS 6.2%

Description

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

How to fix CVE-2013-4316

To remediate CVE-2013-4316, upgrade the affected package to a fixed version below.

Maven/org.apache.struts:struts2-core—upgrade to 2.3.15.2 or later
Maven/org.apache.struts:struts2-rest-plugin—upgrade to 2.3.15.2 or later

Is CVE-2013-4316 being exploited?

Moderate — EPSS is 6.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

>= 2.0.0, < 2.3.15.2
>= 2.0.0, < 2.3.15.2

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-4316
PATCHgithub.com/apache/struts
WEBarchives.neohapsis.com/archives/bugtraq/2013-09/0107.html
WEBgithub.com/apache/struts/commit/58947c3f85ae641c1a476316a2888e53605948d1

Metadata

Published: 5/17/2022
Modified: 12/6/2024

Also known as:

GHSA-j7h6-xr7g-m2c5ghsa

WEB

github.com/apache/struts/commit/c643336945dda84cbcdc8a39530baa24fede28c4

WEBstruts.apache.org/release/2.3.x/docs/s2-019.html

Maven/org.apache.struts:struts2-core

Maven/org.apache.struts:struts2-rest-plugin