Struts Security Vulnerabilities and Issues — Struts CVE List

Lucene search

ApacheStruts

6 matches found

CVE•added 2020/12/11 2:15 a.m.•1322 views

CVE-2020-17530

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

9.8CVSS9.6AI score0.94395EPSS

CVE•added 2020/09/14 5:15 p.m.•407 views

CVE-2019-0230

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

9.8CVSS9.5AI score0.93849EPSS

CVE•added 2020/12/16 1:15 a.m.•262 views

CVE-2020-26258

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly availa...

7.7CVSS8.1AI score0.9368EPSS

CVE•added 2020/12/16 1:15 a.m.•256 views

CVE-2020-26259

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing ...

6.8CVSS7.5AI score0.91436EPSS

CVE•added 2020/09/14 5:15 p.m.•128 views

CVE-2019-0233

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

7.5CVSS8.1AI score0.06858EPSS

CVE•added 2020/02/27 6:15 p.m.•67 views

CVE-2015-2992

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.

6.1CVSS5.8AI score0.01052EPSS