SUSE CVE-2025-54656

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

com.addc:addc-svr-struts12 (>=2.5 <=2.6.1), com.addc:addc-web-struts12 (>=2.5 <=2.6.1) +49 more potentially affected by CVE-2025-54656 via struts:struts (=1.2.9)

struts:struts MAVEN version =1.2.9 is affected by a known vulnerability. The following packages have a transitive dependency on struts:struts and may be impacted: - com.addc:addc-svr-struts12 =2.5, =2.5, =5.0, =5.0, =4.0.3, =2.0.0, =2.10.0 - net.mlw:vlh =0.1.13 - net.openurp.ecupl:ecupl-eams-weba...

Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

GHSA-CX25-XG7C-XFM5 Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +25 more potentially affected by CVE-2025-54656 via org.apache.struts:struts-extras (>=1.3.10 <=1.3.8)

org.apache.struts:struts-extras MAVEN version =1.3.10, =2.0.0, =1.2.1, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =2.1.1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2025-54656 Source advisory: SNYK:JAVA-ORGAPACHESTRUTS-11502096...

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the LookupDispatchAction function. An attacker can manipulate log output by submitting specially crafted input, causing parts of the log message to appear as separate log lines and potentially...

CVE-2025-54656

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

CVE-2025-54656

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

CVE-2025-54656

CVE-2025-54656 affects Apache Struts Extras before 2. The vulnerability is due to improper output neutralization for logs: when using LookupDispatchAction, untrusted input can be written to logs, potentially creating misleading log lines. The project is retired and no fix is planned; IBM/PTsecuri...

CVE-2025-54656 Apache Struts Extras: Improper Output Neutralization for Logs

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

CVE-2025-54656 Apache Struts Extras: Improper Output Neutralization for Logs

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

Apache Struts Extras 2 安全漏洞

Apache Struts Extras 2 is an extension to the Apache Struts 2 framework from the Apache USA Foundation. A security vulnerability exists in Apache Struts Extras 2 that stems from the possibility of printing untrusted input to the log when using LookupDispatchAction...

PT-2025-31399 · Apache · Apache Struts Extras

Name of the Vulnerable Software and Affected Versions: Apache Struts Extras versions prior to 2 Description: This issue involves improper output neutralization for logs in Apache Struts Extras. When using LookupDispatchAction, untrusted input may be printed to logs without filtering. This can lea...

PT-2025-30119 · Undefined · Undefined

CVE-2024-12498 - CVE-2021-42251: Apache Struts Deserialization Remote Code Execution CVE ID : CVE-2024-12498 Published : July 16, 2025, 11:15 p.m. | 1 hour, 51 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA...

PT-2025-29306 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The vulnerability was rejected due to it not being used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

PT-2025-27296 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a deserialization vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...

PT-2025-26489 · Undefined · Undefined

CVE-2005-2347 - CVE-2022-1234: Apache Struts XML Entity Expansion XXE Vulnerability CVE ID : CVE-2005-2347 Published : June 19, 2025, 11:15 a.m. | 57 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the...

PT-2025-25299 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution problem. No specific details about affected devices, real-world incidents, or technical exploitation details such as API endpoints, vulnerab...

PT-2025-25304 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...

PT-2025-25194 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: A remote code execution issue has been identified. No information is available about the estimated number of potentially affected devices worldwide or real-world incidents where this...