6 matches found
br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +24 more potentially affected by CVE-2025-54656 via org.apache.struts:struts-extras (=1.3.10)
org.apache.struts:struts-extras MAVEN version =1.3.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts-extras and may be impacted: - br.net.woodstock.rockframework:rockframework-struts =2.0.0, =1.2.4, =0.4.5, =0.4.5, =0.4.5,...
GHSA-CX25-XG7C-XFM5 Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
Improper Output Neutralization for Logs
Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the LookupDispatchAction function. An attacker can manipulate log output by submitting specially crafted input, causing parts of the log message to appear as separate log lines and potentially...
br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +25 more potentially affected by CVE-2025-54656 via org.apache.struts:struts-extras (>=1.3.10 <=1.3.8)
org.apache.struts:struts-extras MAVEN version =1.3.10, =2.0.0, =1.2.1, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =0.4.5, =2.1.1, =3.0-beta-1, =3.0.0 and more Source cves: CVE-2025-54656 Source advisory: SNYK:JAVA-ORGAPACHESTRUTS-11502096...
CVE-2025-54656
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
Apache Struts Extras 2 安全漏洞
Apache Struts Extras 2 is an extension to the Apache Struts 2 framework from the Apache USA Foundation. A security vulnerability exists in Apache Struts Extras 2 that stems from the possibility of printing untrusted input to the log when using LookupDispatchAction...