com.amazonaws.serverless:aws-serverless-java-container-struts (=1.9), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=5.0.0) +52 more potentially affected by CVE-2025-68493 via org.apache.struts:struts2-core (>=6.0.0 <=6.10.0)

org.apache.struts:struts2-core MAVEN version =6.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.2 and more Source cves: CVE-2025-68493 Source advisory: SNYK:JAVA-ORGAPACHESTRUTS-14915536https:...

The vulnerability of the struts2-core library in the Apache Struts software platform allows attackers to induce a service failure.

The vulnerability of the struts2-core library of the Apache Struts software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures using specially crafted XML files...

br.net.woodstock.rockframework:rockframework-struts (>=2.0.0 <=2.0.8), br.net.woodstock.rockframework:rockframework-web (>=1.2.4 <=3.0.1) +84 more potentially affected by CVE-2015-0899 via org.apache.struts:struts-core (=1.3.10)

org.apache.struts:struts-core MAVEN version =1.3.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts-core and may be impacted: - br.net.woodstock.rockframework:rockframework-struts =2.0.0, =1.2.4, =1.0.0, =1.0.0, =1.0.0, =0.9.1,...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +207 more potentially affected by CVE-2015-5169 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.1.2)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2015-5169 Source advisory: OSV:GHSA-VWHV-J36G-5RM8...

com.amashchenko.struts2.actionflow:struts2-actionflow-plugin (=2.4.0), com.amashchenko.struts2.actionflow:struts2-actionflow-showcase (=2.4.0) +79 more potentially affected by CVE-2016-4438 via org.apache.struts:struts2-core (>=2.3.1.1 <=2.3.28.1)

org.apache.struts:struts2-core MAVEN version =2.3.1.1, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.1.0, =1.1.0, =2.0.4 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-grid-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-mobile-plugin...

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +202 more potentially affected by CVE-2012-0393 via org.apache.struts:struts2-core (>=2.0.5 <=2.3.16.3)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =0.5.9, =1.2.0, =1.0.0, =2.0, =1.0.3, =1.2.2, =1.4.0 and more Source cves: CVE-2012-0393 Source advisory: OSV:GHSA-HXQQ-W4MR-MC62...

Denial Of Service (DoS)

Struts-core is vulnerable to denial of service DoS attacks. A malicious user can pass a URL string to the application to overload the URL validation process, preventing other strings from being validated...