org.apache.struts:struts2-assembly (>=2.5.1 <=2.5.12), org.apache.struts:struts2-rest-showcase (>=2.5.1 <=2.5.12) potentially affected by CVE-2017-9805 via org.apache.struts:struts2-rest-plugin (>=2.5.1 <=2.5.12)

org.apache.struts:struts2-rest-plugin MAVEN version =2.5.1, =2.5.1, =2.5.1, =2.5.12 Source cves: CVE-2017-9805 Source advisory: OSV:GHSA-GG9M-FJ3V-R58C...

GHSA-GG9M-FJ3V-R58C REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads...

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +73 more potentially affected by CVE-2017-9804 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.12)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.12 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-9804, CVE-2017-9805 Source advisory:...

Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this...

GHSA-X5X7-3V85-WPC4 Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used

In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. NOTE: this...

org.apache.struts:struts2-assembly (>=2.2.1 <=2.3.33), org.apache.struts:struts2-rest-showcase (>=2.1.2 <=2.3.33) +5 more potentially affected by CVE-2017-9793 +1 more via org.apache.struts:struts2-rest-plugin (>=2.1.2 <=2.3.33)

org.apache.struts:struts2-rest-plugin MAVEN version =2.1.2, =2.2.1, =2.1.2, =2.0-RC2.3, =1.0, =1.0.1 - org.meruvian.yama:yama-struts-core =1.0.1 Source cves: CVE-2017-9793, CVE-2017-9805 Source advisory: OSV:GHSA-VWXJ-6M5M-RRVH...

The REST Plugin in Apache Struts is using an outdated XStream library

The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

GHSA-VWXJ-6M5M-RRVH The REST Plugin in Apache Struts is using an outdated XStream library

The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload...

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-9787 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-9787, CVE-2017-9805 Source advisory:...

Spring AOP functionality (Struts) vulnerable to DoS attack

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33...

GHSA-8MR5-H28G-36QX Spring AOP functionality (Struts) vulnerable to DoS attack

When using a Spring AOP functionality to secure Struts actions it is possible to perform a DoS attack. Solution is to upgrade to Apache Struts version 2.5.12 or 2.3.33...

Apache Struts Improper Input Validation vulnerability

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12...

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-7672 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-7672, CVE-2017-9805 Source advisory:...

GHSA-9GP7-JVM2-R4MX Apache Struts Improper Input Validation vulnerability

If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12...

GHSA-XCRM-QPP8-HCW4 Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

org.apache.struts:struts2-assembly (>=2.5.1 <=2.5.14.1), org.apache.struts:struts2-rest-showcase (>=2.5.1 <=2.5.14.1) potentially affected by CVE-2017-15707 via org.apache.struts:struts2-rest-plugin (>=2.5.1 <=2.5.14.1)

org.apache.struts:struts2-rest-plugin MAVEN version =2.5.1, =2.5.1, =2.5.1, =2.5.14.1 Source cves: CVE-2017-15707 Source advisory: OSV:GHSA-XCRM-QPP8-HCW4...

Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal

In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...

com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.0.5-RELEASE), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=2.5.1) +71 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.5.1 <=2.5.10.1)

org.apache.struts:struts2-core MAVEN version =2.5.1, =1.0.3-RELEASE, =0.9.4, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.1, =2.5.10.1 - org.apache.struts:struts2-java8-support-plugin =2.5.1 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory:...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +228 more potentially affected by CVE-2017-12611 +1 more via org.apache.struts:struts2-core (>=2.0.11 <=2.3.33)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.2.3 and more Source cves: CVE-2017-12611, CVE-2017-9805 Source advisory: OSV:GHSA-8FX9-5HX8-CRHM...