1986 matches found
GHSA-CX25-XG7C-XFM5 Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
CVE-2025-54656
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
CVE-2025-54656 Apache Struts Extras: Improper Output Neutralization for Logs
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
CVE-2025-54656 Apache Struts Extras: Improper Output Neutralization for Logs
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
CVE-2025-54656
CVE-2025-54656 affects Apache Struts Extras before 2. The vulnerability is due to improper output neutralization for logs: when using LookupDispatchAction, untrusted input can be written to logs, potentially creating misleading log lines. The project is retired and no fix is planned; IBM/PTsecuri...
Apache Struts Extras 2 安全漏洞
Apache Struts Extras 2 is an extension to the Apache Struts 2 framework from the Apache USA Foundation. A security vulnerability exists in Apache Struts Extras 2 that stems from the possibility of printing untrusted input to the log when using LookupDispatchAction...
PT-2025-31399 · Apache · Apache Struts Extras
Name of the Vulnerable Software and Affected Versions: Apache Struts Extras versions prior to 2 Description: This issue involves improper output neutralization for logs in Apache Struts Extras. When using LookupDispatchAction, untrusted input may be printed to logs without filtering. This can lea...
PT-2025-30119 · Undefined · Undefined
CVE-2024-12498 - CVE-2021-42251: Apache Struts Deserialization Remote Code Execution CVE ID : CVE-2024-12498 Published : July 16, 2025, 11:15 p.m. | 1 hour, 51 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA...
PT-2025-29306 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The vulnerability was rejected due to it not being used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-27296 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a deserialization vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...
PT-2025-26489 · Undefined · Undefined
CVE-2005-2347 - CVE-2022-1234: Apache Struts XML Entity Expansion XXE Vulnerability CVE ID : CVE-2005-2347 Published : June 19, 2025, 11:15 a.m. | 57 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the...
PT-2025-25304 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution vulnerability. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
PT-2025-25299 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue concerns a remote code execution problem. No specific details about affected devices, real-world incidents, or technical exploitation details such as API endpoints, vulnerab...
PT-2025-25194 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: A remote code execution issue has been identified. No information is available about the estimated number of potentially affected devices worldwide or real-world incidents where this...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
CVE-2024-53677: Apache Struts path traversal to RCE vulnerabil...
PT-2025-23322 · Undefined · Undefined
CVE-2022-44452 - Apache Struts Remote Code Execution Vulnerability CVE ID : CVE-2022-44452 Published : May 28, 2025, 7:15 p.m. | 2 hours, 16 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA...
PT-2025-23231 · Undefined · Undefined
CVE-2022-21150 - Apache Struts Deserialization Vulnerability CVE ID : CVE-2022-21150 Published : May 27, 2025, 11:15 p.m. | 2 hours, 15 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visi...
PT-2025-23330 · Undefined · Undefined
CVE-2022-45117 - Apache Struts Remote Code Execution Vulnerability CVE ID : CVE-2022-45117 Published : May 28, 2025, 7:15 p.m. | 2 hours, 15 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA...
PT-2025-23294 · Undefined · Undefined
CVE-2022-26424 - Apache Struts Command Injection CVE ID : CVE-2022-26424 Published : May 28, 2025, 5:15 p.m. | 16 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused Severity: 0.0 | NA Visit the link for more...