2549 matches found

vulnersOsv
added 2022/05/17 12:50 a.m., 4 views

br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +206 more potentially affected by CVE-2015-1831 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.3.20)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =2.0.0, =1.2.4, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.1.1 and more Source cves: CVE-2015-1831 Source advisory: OSV:GHSA-Q2CG-XF9P-H457...

7.5 CVSS, 5.8 AI score, 0.06312 EPSS
Exploits 0

vulnersOsv
added 2022/05/17 12:50 a.m., 2 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +214 more potentially affected by CVE-2015-1831 via org.apache.struts:struts2-core (>=2.0.11 <=2.3.20)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2015-1831 Source advisory: OSV:GHSA-Q2CG-XF9P-H457...

7.5 CVSS, 5.8 AI score, 0.06312 EPSS
Exploits 0

OSV
added 2022/05/17 12:50 a.m., 22 views

GHSA-Q2CG-XF9P-H457 Incomplete exclude pattern in Apache Struts

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors. In Struts 2.3.20.1 a better set of exclude patterns was defined...

7.5 CVSS, 6.2 AI score, 0.06312 EPSS
Exploits 0, References 4

Github Security Blog
added 2022/05/17 12:50 a.m., 27 views

Incomplete exclude pattern in Apache Struts

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors. In Struts 2.3.20.1 a better set of exclude patterns was defined...

7.5 CVSS, 6.3 AI score, 0.06312 EPSS
Exploits 0, References 4, Affected Software 2

OSV
added 2022/05/17 12:29 a.m., 1 views

GHSA-38QW-J787-V8C2 Apache Struts CSRF Vulnerability

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors...

8.8 CVSS, 7.2 AI score, 0.03956 EPSS
Exploits 0, References 11

Github Security Blog
added 2022/05/17 12:29 a.m., 22 views

Apache Struts CSRF Vulnerability

Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors...

8.8 CVSS, 6.9 AI score, 0.03956 EPSS
Exploits 0, References 11, Affected Software 1

vulnersOsv
added 2022/05/14 3:15 a.m., 2 views

br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +84 more potentially affected by CVE-2015-0899 via org.apache.struts:struts-core (=1.3.10)

org.apache.struts:struts-core MAVEN version =1.3.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts-core and may be impacted: - br.net.woodstock.rockframework:rockframework-struts =2.0.0, =1.2.4, =1.0.0, =1.0.0, =1.0.0, =0.9.1,...

7.5 CVSS, 7 AI score, 0.21425 EPSS
Exploits 0

vulnersOsv
added 2022/05/14 3:15 a.m., 1 views

com.addc:addc-svr-struts12 (>=2.5 <=2.6.1), com.addc:addc-web-struts12 (>=2.5 <=2.6.1) +75 more potentially affected by CVE-2015-0899 via struts:struts (>=1.1 <=1.2.9)

struts:struts MAVEN version =1.1, =2.5, =2.5, =0.8-M1, =0.9.0, =5.0, =5.0, =4.0.3, =4.0.4 - nanocontainer:nanocontainer-nanowar-sample =1.0-RC-1 and more Source cves: CVE-2015-0899 Source advisory: OSV:GHSA-CVVX-R33M-V7PQ...

7.5 CVSS, 7 AI score, 0.21425 EPSS
Exploits 0

OSV
added 2022/05/14 3:15 a.m., 3 views

GHSA-CVVX-R33M-V7PQ Improper Input Validation in Apache Struts

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter...

7.5 CVSS, 7.2 AI score, 0.21425 EPSS
Exploits 0, References 8

Github Security Blog
added 2022/05/14 3:15 a.m., 37 views

Improper Input Validation in Apache Struts

The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter...

7.5 CVSS, 7.5 AI score, 0.21425 EPSS
Exploits 0, References 8, Affected Software 2

vulnersOsv
added 2022/05/14 3:15 a.m., 3 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +215 more potentially affected by CVE-2015-5209 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.24)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =0.5.9, =1.2.0, =1.0.0, =1.2.6 and more Source cves: CVE-2015-5209 Source advisory: OSV:GHSA-4QGJ-9MVG-3929...

7.5 CVSS, 7.2 AI score, 0.09063 EPSS
Exploits 0

OSV
added 2022/05/14 3:15 a.m., 17 views

GHSA-4QGJ-9MVG-3929 Special top object can be used to access Struts' internals

ValueStack defines a special top object which represents the root of the execution context. It can be used to manipulate Struts' internals or to affect the container's settings. Applying a better regex which includes a pattern to exclude request parameters trying to use the top object. This issue was patch...

7.5 CVSS, 7.4 AI score, 0.09063 EPSS
Exploits 0, References 3

Github Security Blog
added 2022/05/14 3:15 a.m., 22 views

Special top object can be used to access Struts' internals

ValueStack defines a special top object which represents the root of the execution context. It can be used to manipulate Struts' internals or to affect the container's settings. Applying a better regex which includes a pattern to exclude request parameters trying to use the top object. This issue was patch...

7.5 CVSS, 7.5 AI score, 0.09063 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2022/05/14 3:15 a.m., 1 views

GHSA-86VQ-8QHC-5RQW Apache Struts vulnerable to possible DoS attack when using URLValidator

If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL...

5.9 CVSS, 6.2 AI score, 0.03347 EPSS
Exploits 0, References 5

OSV
added 2022/05/14 3:15 a.m., 22 views

GHSA-GGMP-FXFG-277R Apache Struts RCE Vulnerability

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

8.8 CVSS, 8.7 AI score, 0.06142 EPSS
Exploits 0, References 6

Github Security Blog
added 2022/05/14 3:15 a.m., 20 views

Apache Struts RCE Vulnerability

The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling...

8.8 CVSS, 7.8 AI score, 0.06142 EPSS
Exploits 0, References 6, Affected Software 1

Github Security Blog
added 2022/05/14 3:15 a.m., 22 views

Apache Struts vulnerable to possible DoS attack when using URLValidator

If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload the server process when performing validation of the URL...

5.9 CVSS, 5.5 AI score, 0.03347 EPSS
Exploits 0, References 5, Affected Software 1

vulnersOsv
added 2022/05/14 2:55 a.m., 5 views

ca.stellardrift.guice-backport.extensions:guice-struts2 (=5.0.1), com.google.inject.extensions:guice-struts2 (>=3.0 <=5.0.1) +58 more potentially affected by CVE-2011-2088 via org.apache.struts.xwork:xwork-core (>=2.2.1 <=2.2.1.1)

org.apache.struts.xwork:xwork-core MAVEN version =2.2.1, =3.0, =2.4.0, =2.4.0, =3.0.0, =3.0.0, =2.4.0, =2.4.0, =2.4.0, =3.0.0, =2.0.7-incubating, =2.2.1.11, =2.2.1, =2.2.1.1 and more Source cves: CVE-2011-2088 Source advisory: OSV:GHSA-9CCM-G362-2R35...

5 CVSS, 5.8 AI score, 0.0614 EPSS
Exploits 0

OSV
added 2022/05/14 2:55 a.m., 2 views

GHSA-9CCM-G362-2R35 XWork in Apache Struts Reveals Sensitive Information

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

5 CVSS, 7.2 AI score, 0.0614 EPSS
Exploits 0, References 6

Github Security Blog
added 2022/05/14 2:55 a.m., 36 views

XWork in Apache Struts Reveals Sensitive Information

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

5 CVSS, 6.4 AI score, 0.0614 EPSS
Exploits 0, References 7, Affected Software 1