SUSE CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...

SUSE CVE-2013-2115

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

SUSE CVE-2015-1831

The default exclude patterns excludeParams in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors...

SUSE CVE-2016-2162

Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors involving language display...

SUSE CVE-2016-4003

Cross-site scripting XSS vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

SUSE CVE-2016-4431

Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method...

SUSE CVE-2017-5638

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...

org.apache.struts:struts2-apps (>=2.0.11 <=2.0.11.2), org.apache.struts:struts2-assembly (=2.0.11) +19 more potentially affected by CVE-2008-6505 via org.apache.struts:struts2-core (>=2.0.11 <=2.0.11.2)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11, =2.0.11.2 and more Source cves: CVE-2008-6505 Source advisory: OSV:GHSA-WV7G-XHVW-8HCP...

GHSA-WV7G-XHVW-8HCP Apache Struts directory traversal vulnerability

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f encoded dot dot slash in a URI with a /struts/ path, related to 1 FilterDispatcher in 2.0.x and 2 DefaultStaticContentLoader in 2.1...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2) +76 more potentially affected by CVE-2011-1772 via org.apache.struts:struts2-core (>=2.0.5 <=2.2.1.1)

org.apache.struts:struts2-core MAVEN version =2.0.5, =1.2.1, =0.6, =3.0, =2.4.0, =2.1.0, =3.0.2 and more Source cves: CVE-2011-1772 Source advisory: OSV:GHSA-56F8-G68R-J699...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +171 more potentially affected by CVE-2013-4316 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.15.1)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1 - com.google.inject.extensions:guice-struts2-plugin =2.0 and more Source cves: CVE-2013-4316 Source advisory: OSV:GHSA-J7H6-XR7G-M2C5...

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +73 more potentially affected by CVE-2016-4465 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.12)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.12 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2016-4465 Source advisory: OSV:GHSA-XG75-68X3-7P3Q...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +214 more potentially affected by CVE-2015-1831 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.20)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2015-1831 Source advisory: OSV:GHSA-Q2CG-XF9P-H457...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +215 more potentially affected by CVE-2015-5209 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.24)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2015-5209 Source advisory: OSV:GHSA-4QGJ-9MVG-3929...

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +117 more potentially affected by CVE-2013-2134 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.2)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.6.0 and more Source cves: CVE-2013-2134 Source advisory: OSV:GHSA-GQQM-564F-VVXQ...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +133 more potentially affected by CVE-2013-2135 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.14.2)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.2.0, =1.0.3, =0.6, =3.0, =5.0.1 - com.google.inject.extensions:guice-struts2-plugin =2.0 - com.google.inject.integration:guice-struts2-plugin =1.0 - com.googlecode.rapid-framework:rapid-core =4.0 and more Source cves:...

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +117 more potentially affected by CVE-2013-2135 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.2)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.6.0 and more Source cves: CVE-2013-2135 Source advisory: OSV:GHSA-PW8R-X2QM-3H5M...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +207 more potentially affected by CVE-2014-0112 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.1.2)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2014-0112 Source advisory: OSV:GHSA-PRJV-JJ26-WF8H...

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +115 more potentially affected by CVE-2013-1966 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.14.1)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.2.0, =1.0.3, =3.0, =1.7.3, =1.7.3, =1.7.3, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =3.2.1 and more Source cves: CVE-2013-1966 Source advisory: OSV:GHSA-737W-MH58-CXJPhttps://vulners.com/osv/OSV:GHSA-737W...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +180 more potentially affected by CVE-2014-0094 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.16.1)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.0, =1.0.0, =1.0.3, =1.2.2, =1.4.1, =0.6, =0.7 and more Source cves: CVE-2014-0094 Source advisory: OSV:GHSA-VRWC-QJMW-5RJM...