com.github.yujiaao:jmesa (>=4.0.1 <=4.1.3), com.microsoft.azure:applicationinsights-web (>=0.9.2 <=2.4.0-BETA) +23 more potentially affected by CVE-2008-6504 via com.opensymphony:xwork (>=2.0.4 <=2.0.5)

com.opensymphony:xwork MAVEN version =2.0.4, =4.0.1, =0.9.2, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.9, =2.0.11.2 and more Source cves: CVE-2008-6504 Source advisory: OSV:GHSA-WXW2-2MX5-C5QF...

MGASA-2015-0351 Updated struts packages fix CVE-2015-0899

Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...

MGASA-2014-0219 Updated struts packages fix CVE-2014-0114

Updated struts packages fix security vulnerability: It was found that the Struts 1 ActionForm object allowed access to the 'class' parameter, which is directly mapped to the getClass method. A remote attacker could use this flaw to manipulate the ClassLoader used by an application server running...