Package impact

java Maven / org.apache.struts:struts2-core

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-12611 critical 9.8 10.0 9y ago Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal
CVE-2016-3087 critical 9.8 10.0 10y ago Apache Struts vulnerable to arbitrary remote code execution due to improper input validation
CVE-2013-4316 critical 10.0 13y ago Code injection in Apache Struts
CVE-2013-2134 critical 10.0 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-1966 critical 10.0 13y ago Arbitrary code execution in Apache Struts
CVE-2012-0838 critical 10.0 15y ago Apache Struts Code injection due to conversion error
CVE-2016-4436 critical 9.8 9.8 10y ago Apache Struts improper action name cleanup
CVE-2016-4438 critical 9.8 9.8 10y ago Arbitrary code execution in Apache Struts 2
CVE-2016-3082 critical 9.8 9.8 10y ago Remote Code Execution in Apache Struts
CVE-2013-2135 critical 9.3 13y ago Arbitrary code execution in Apache Struts 2
CVE-2013-1965 critical 9.3 13y ago Improper Control of Generation of Code in Apache Struts
CVE-2016-3081 high 8.1 9.1 10y ago Apache Struts RCE Vulnerability
CVE-2013-2115 high 8.1 9.1 13y ago Code injection in Apache Struts
CVE-2016-4461 high 8.8 8.8 9y ago Apache Struts forced double OGNL evaluation
CVE-2016-0785 high 8.8 8.8 10y ago Apache Struts RCE Vulnerability
CVE-2014-0113 high 8.5 12y ago ClassLoader manipulation in Apache Struts
CVE-2014-0112 high 8.5 12y ago ClassLoader manipulation in Apache Struts
CVE-2012-0392 medium 7.8 15y ago Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
CVE-2017-9804 high 7.5 7.5 9y ago Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
CVE-2015-5209 high 7.5 7.5 9y ago Special top object can be used to access Struts' internals
CVE-2017-9787 high 7.5 7.5 9y ago Spring AOP functionality (Struts) vulnerable to DoS attack
CVE-2015-1831 high 7.5 11y ago Incomplete exclude pattern in Apache Struts
CVE-2012-0393 medium 7.4 15y ago Apache Struts's ParameterInterceptor component does not prevent access to public constructors
CVE-2014-7809 medium 6.8 12y ago Cross-Site Request Forgery in Apache Struts
CVE-2013-2248 medium 6.8 13y ago Open redirect in Apache Struts
CVE-2012-4386 medium 6.8 14y ago Cross-Site Request Forgery in Apache Struts
CVE-2015-5169 medium 6.1 6.1 9y ago Cross-site Scripting in Apache Struts
CVE-2016-4003 medium 6.1 6.1 10y ago Cross-site Scripting in Apache Struts
CVE-2016-2162 medium 6.1 6.1 10y ago Apache Struts XSS Vulnerability
CVE-2014-0094 medium 6.0 12y ago ClassLoader manipulation in Apache Struts
CVE-2010-1870 medium 6.0 16y ago Server side object manipulation in Apache Struts
CVE-2016-8738 medium 5.9 5.9 9y ago Apache Struts vulnerable to possible DoS attack when using URLValidator
CVE-2017-7672 medium 5.9 5.9 9y ago Apache Struts Improper Input Validation vulnerability
CVE-2014-0116 medium 5.8 12y ago ClassLoader manipulation in Apache Struts
CVE-2013-4310 medium 5.8 13y ago Apache Struts2 Broken Access Control Vulnerability
CVE-2016-4465 medium 5.3 5.3 10y ago Apache Struts vulnerable to possible DoS attack when using URLValidator
CVE-2016-3093 medium 5.3 5.3 10y ago Denial of service in Apache Struts
CVE-2013-6348 medium 4.3 13y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2013-2251 unknown 2.5 4y ago Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
CVE-2012-0391 unknown 2.5 4y ago The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.
CVE-2020-17530 unknown 2.5 4y ago Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
CVE-2018-11776 unknown 2.5 8y ago Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defi…
CVE-2017-5638 unknown 2.5 8y ago Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
CVE-2008-6505 unknown 1.0 4y ago Apache Struts directory traversal vulnerability
CVE-2012-1592 unknown 1.0 4y ago Unrestricted Upload of File with Dangerous Type in Apache Struts2
CVE-2011-3923 unknown 1.0 4y ago Struts ParameterInterceptor vulnerability allows remote command execution
CVE-2019-0230 unknown 1.0 5y ago Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
CVE-2025-68493 unknown 5mo ago Apache Struts 2 is Missing XML Validation
CVE-2025-66675 unknown 6mo ago Apache Struts has a Denial of Service vulnerability
CVE-2025-64775 unknown 6mo ago Apache Struts is Vulnerable to DoS via File Leak
CVE-2024-53677 unknown 2y ago Apache Struts file upload logic is flawed
CVE-2023-50164 unknown 3y ago Apache Struts vulnerable to path traversal
CVE-2023-41835 unknown 3y ago Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
CVE-2023-34396 unknown 3y ago Apache Struts vulnerable to memory exhaustion
CVE-2023-34149 unknown 3y ago Apache Struts vulnerable to memory exhaustion
CVE-2019-0233 unknown 4y ago Improper Preservation of Permissions in Apache Struts
CVE-2008-6682 unknown 4y ago Apache Struts is vulnerable to Cross-site Scripting
CVE-2021-31805 unknown 4y ago Expression Language Injection in Apache Struts