
17 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-4099

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.5, EPSS 0.02109
Exploits 0, References 15

OSV
added 2022/05/17 2:11 a.m., 0 views

GHSA-WXW2-2MX5-C5QF Improper Input Validation in OpenSymphony XWork

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

CVSS 5, AI score 6, EPSS 0.65118
Exploits 1, References 13

Github Security Blog
added 2022/05/17 2:11 a.m., 32 views

Improper Input Validation in OpenSymphony XWork

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

CVSS 5, AI score 5.3, EPSS 0.65118
Exploits 1, References 14, Affected Software 1

vulnersOsv
added 2022/05/17 2:11 a.m., 2 views

br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), info.kfgodel:bean2bean (>=1.1.5 <=1.1.6) +27 more potentially affected by CVE-2008-6504 via com.opensymphony:xwork (>=2.1.0 <=2.1.1)

com.opensymphony:xwork MAVEN version =2.1.0, =1.2.1, =1.1.5, =1.1.6 - net.sf.fastupload:fastupload-core =0.4.7 - org.apache.struts:struts2-apps =2.1.2 - org.apache.struts:struts2-blank =2.1.2 - org.apache.struts:struts2-codebehind-plugin =2.1.2 - org.apache.struts:struts2-config-browser-plugin...

CVSS 5, AI score 5.8, EPSS 0.65118
Exploits 1

vulnersOsv
added 2022/05/01 6:24 p.m., 3 views

com.google.code.struts2webflow:struts2webflow-parent (=1.0.4), com.google.code.struts2webflow:struts2webflow-plugin (=1.0.4) +23 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=2.0.0 <=2.0.3)

opensymphony:xwork MAVEN version =2.0.0, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.5, =2.0.8 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...

CVSS 6.8, AI score 5.8, EPSS 0.02109
Exploits 0

Github Security Blog
added 2022/05/01 6:24 p.m., 17 views

OpenSymphony XWork vulnerable to improper input validation

XWork is a command-pattern framework that is used to power WebWork as well as other applications. Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression...

CVSS 6.8, AI score 7.3, EPSS 0.02109
Exploits 0, References 3, Affected Software 1

vulnersOsv
added 2022/05/01 6:24 p.m., 3 views

berkano:bean-displaytag (>=20050615.234814 <=20050616.015551), berkano:berkano-util (>=dev-20050722 <=dev-20050723) +28 more potentially affected by CVE-2007-4556 via opensymphony:xwork (>=1.0.3 <=1.2.2)

opensymphony:xwork MAVEN version =1.0.3, =20050615.234814, =dev-20050722, =2.1.5, =1.1.3, =1.0-alpha-1, =1.1-beta-1, =1.1-beta-1, =1.0-beta-2, =1.0-beta-3 - org.codehaus.jet:jet-web-engine =1.0-beta-2 and more Source cves: CVE-2007-4556 Source advisory: OSV:GHSA-H7MF-QRM9-2848...

CVSS 6.8, AI score 5.8, EPSS 0.02109
Exploits 0

Veracode
added 2018/11/12 6:20 a.m., 14 views

Denial Of Service (DoS)

OpenSymphony XWork is vulnerable to denial of service. Object-Graph Navigation Language (OGNL) expressions are recursively evaluated when altSyntax is enabled. A remote attacker is able to submit a crafted input to cause an infinite loop which results in a denial of service condition. This...

CVSS 6.8, AI score 6.9, EPSS 0.02109
Exploits 0, References 15, Affected Software 1

exploitpack
added 2012/01/06 12:0 a.m., 26 views

Apache Struts 2 2.3.1 - Multiple Vulnerabilities

Apache Struts 2 2.3.1 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerab...

AI score 0.5
Exploits 0

Exploit DB
added 2012/01/06 12:0 a.m., 111 views

Apache Struts 2 < 2.3.1 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities in Apache Struts2 product: Apache Struts2 OpenSymphony XWork OpenSymphony OGNL vulnerable version: 2.3.1 and below fixed version: 2.3.1....

AI score 7.4
Exploits 0

Prion
added 2011/05/13 5:5 p.m., 21 views

Security feature bypass

XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772....

CVSS 5, AI score 6.2, EPSS 0.59227
Exploits 3, References 5, Affected Software 2

NVD
added 2009/03/23 2:19 p.m., 26 views

CVE-2008-6504

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

CVSS 5, AI score 6.7, EPSS 0.65118
Exploits 1, References 11

Prion
added 2009/03/23 2:19 p.m., 25 views

Design/Logic Flaw

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

CVSS 5, AI score 7.2, EPSS 0.65118
Exploits 1, References 11, Affected Software 2

Cvelist
added 2009/03/23 2:0 p.m., 28 views

CVE-2008-6504

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

AI score 6.6, EPSS 0.65118
Exploits 1, References 11

Prion
added 2007/08/28 1:17 a.m., 15 views

Input validation

Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop)...

CVSS 6.8, AI score 8.3, EPSS 0.02109
Exploits 0, References 14, Affected Software 1

NVD
added 2007/08/28 1:17 a.m., 12 views

CVE-2007-4556

Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop)...

CVSS 6.8, AI score 7.7, EPSS 0.02109
Exploits 0, References 14

CVE
added 2007/08/28 1:0 a.m., 96 views

CVE-2007-4556

OpenSymphony XWork (used by WebWork and Apache Struts) before 1.2.3, and 2.x before 2.0.4, evaluates inputs as OGNL expressions when altSyntax is enabled. The underlying issue is recursive OGNL processing, which can lead to a denial of service (infinite loop) and, in some cases, remote code execu...

CVSS 6.8, AI score 7.7, EPSS 0.02109
Exploits 0, References 14, Affected Software 1