pkg:Maven/org.apache.struts:struts2-core

All known vulnerabilities

• CRITICAL10.0CVE-2017-5638⚠ KEVApache Struts vulnerable to remote arbitrary command execution due to improper input validation
  >= 2.3.0, < 2.3.32
• CRITICAL9.8CVE-2013-2251⚠ KEVCode injection in Apache Struts
  from 0, < 2.3.15.1
• CRITICAL9.8⚠ KEVApache Struts Remote Java Code Execution
  from 0, < 2.2.3.1
• CRITICAL9.8⚠ KEVRemote code execution in Apache Struts
  >= 2.0.0, < 2.5.26
• HIGH8.1⚠ KEVApache Struts vulnerable to remote command execution (RCE) due to improper input validation
  >= 2.0.4, < 2.3.35
• CRITICAL9.8Apache Struts file upload logic is flawed
  from 0, < 6.4.0
• CRITICAL9.8Apache Struts vulnerable to path traversal
  >= 2.0.0, < 2.5.33
• CRITICAL9.8Remote Code Execution in Apache Struts
  from 0, < 2.3.20.3
• CRITICAL9.8Apache Struts improper action name cleanup
  >= 2.0.0, < 2.3.29
• CRITICAL9.8Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
  >= 2.3.19, < 2.3.20.3
• CRITICAL9.8Arbitrary code execution in Apache Struts 2
  >= 2.3.19, < 2.3.29
• CRITICAL9.8Struts ParameterInterceptor vulnerability allows remote command execution
  >= 2.0.0, < 2.3.1.2
• CRITICAL9.8Expression Language Injection in Apache Struts
  >= 2.0.0, < 2.5.30
• CRITICAL9.8Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
  >= 2.0.0, < 2.5.22
• CRITICAL9.8Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
  >= 2.0.1, < 2.3.34
• HIGH8.8Apache Struts forced double OGNL evaluation
  >= 2.0.0, < 2.3.29
• HIGH8.8Apache Struts RCE Vulnerability
  >= 2.0.0, < 2.3.20.3
• HIGH8.8Unrestricted Upload of File with Dangerous Type in Apache Struts2
  >= 2.0, < 2.5.22
• HIGH8.2Apache Struts has a Denial of Service vulnerability
  >= 2.0.0, < 6.8.0
• HIGH8.1Apache Struts 2 is Missing XML Validation
  >= 2.0.0, <= 2.3.37
• HIGH8.1Apache Struts RCE Vulnerability
  >= 2.3.19, < 2.3.20.3
• HIGH8.1Code injection in Apache Struts
  >= 2.0.0, < 2.3.14.2
• HIGH7.5Apache Struts is Vulnerable to DoS via File Leak
  >= 6.0.0, < 6.8.0
• HIGH7.5Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
  >= 6.2.0, < 6.3.0.1
• HIGH7.5Apache Struts vulnerable to memory exhaustion
  from 0, < 2.5.31
• HIGH7.5Improper Preservation of Permissions in Apache Struts
  >= 2.0.0, < 2.5.22
• HIGH7.5Special top object can be used to access Struts' internals
  from 0, < 2.3.24.1
• HIGH7.5Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
  >= 2.3.7, < 2.3.34
• HIGH7.5Spring AOP functionality (Struts) vulnerable to DoS attack
  >= 2.3.7, < 2.3.33
• MEDIUM6.5Apache Struts vulnerable to memory exhaustion
  from 0, < 2.5.31
• MEDIUM6.1Apache Struts XSS Vulnerability
  >= 2.0.0, < 2.3.28
• MEDIUM6.1Cross-site Scripting in Apache Struts
  from 0, < 2.3.20
• MEDIUM6.1Cross-site Scripting in Apache Struts
  >= 2.0.0, < 2.3.28
• MEDIUM5.9Apache Struts vulnerable to possible DoS attack when using URLValidator
  >= 2.5.0, < 2.5.13
• MEDIUM5.9Apache Struts Improper Input Validation vulnerability
  >= 2.5.0, < 2.5.12
• MEDIUM5.3Denial of service in Apache Struts
  >= 2.0.0, < 2.3.24.3
• MEDIUM5.3Apache Struts vulnerable to possible DoS attack when using URLValidator
  >= 2.3.20, < 2.3.29
• —Cross-site Scripting in Apache Struts
  from 0, < 2.3.20
• —Apache Struts is vulnerable to Cross-site Scripting
  >= 2.0.0, < 2.0.11.1
• —Apache Struts directory traversal vulnerability
  >= 2.0.0, < 2.0.12
• —Cross-site Scripting in Apache Struts
  from 0, < 2.2.3
• —Apache Struts is vulnerable to Cross-site Scripting
  from 0, < 2.3.16
• —Apache Struts2 Broken Access Control Vulnerability
  from 0, < 2.3.15.3
• —Code injection in Apache Struts
  >= 2.0.0, < 2.3.15.2
• —Open redirect in Apache Struts
  from 0, < 2.3.15.1
• —Cross-Site Request Forgery in Apache Struts
  >= 2.0.0, < 2.3.4.1
• —Incomplete exclude pattern in Apache Struts
  >= 2.0.0, < 2.3.20.1
• —Cross-Site Request Forgery in Apache Struts
  from 0, < 2.3.20
• —Arbitrary code execution in Apache Struts 2
  >= 2.0.0, < 2.3.14.3
• —Arbitrary code execution in Apache Struts 2
  >= 2.0.0, < 2.3.14.3
• —Apache Struts Code injection due to conversion error
  from 0, < 2.2.3.1
• —ClassLoader manipulation in Apache Struts
  from 0, < 2.3.20
• —Improper Control of Generation of Code in Apache Struts
  from 0, < 2.3.14.3
• —Arbitrary code execution in Apache Struts
  >= 2.0.0, < 2.3.14.2
• —ClassLoader manipulation in Apache Struts
  >= 2.0.0, < 2.3.16.2
• —ClassLoader manipulation in Apache Struts
  from 0, < 2.3.20
• —ClassLoader manipulation in Apache Struts
  from 0, < 2.3.20
• —Server side object manipulation in Apache Struts
  from 0, < 2.2.1
• —Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
  from 0, < 2.2.3.1
• —Apache Struts's ParameterInterceptor component does not prevent access to public constructors
  from 0, < 2.3.1.1