5 matches found
com.github.kaitoy.sneo:giane (>=1.2.0 <=1.2.3), com.googlecode.struts2-conversation:struts2-conversation-scope-plugin (=1.3.1) +13 more potentially affected by CVE-2016-6795 via org.apache.struts:struts2-convention-plugin (>=2.3.1 <=2.3.30)
org.apache.struts:struts2-convention-plugin MAVEN version =2.3.1, =1.2.0, =1.1.0, =3.3.0, =3.3.0, =2.3.1, =2.3.1, =2.3.1, =2.3.1, =3.0.0, =4.0.0, =1.0, =1.2.2, =1.3.5 Source cves: CVE-2016-6795 Source advisory: OSV:GHSA-44HV-JJX7-QFJG...
com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (>=2.5.1 <=4.0.1), com.jgeppert.struts2.jquery:struts2-jquery-grid-showcase (=4.0.3) +11 more potentially affected by CVE-2016-6795 via org.apache.struts:struts2-convention-plugin (>=2.5.1 <=2.5.33)
org.apache.struts:struts2-convention-plugin MAVEN version =2.5.1, =2.5.1, =1.0.0, =1.0.0, =1.0.0, =8.5.5-8.5.5-20220801, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.33 Source cves: CVE-2016-6795 Source advisory: OSV:GHSA-44HV-JJX7-QFJG...
GHSA-44HV-JJX7-QFJG Path Traversal in Apache Struts
In Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. This vulnerability is only exploitable when using the Struts 2 Convention plugin in conjunction with Apache...
CVE-2016-6795
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side...
Apache Struts Convention Plugin Path Traversal Vulnerability
Struts2 is an extensible framework for building enterprise-class Java Web applications. Struts 2.3.20 - 2.3.31 has a path traversal vulnerability in the Convention plugin, which can be exploited by an attacker to conduct path traversal and code execution attacks on the server side via a construct...