CVE-2024-53677
- EPSS 91.35%
- Published 11.12.2024 16:15:14
- Last modified 15.07.2025 16:30:19
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This i...
CVE-2023-50164
- EPSS 92.86%
- Published 07.12.2023 09:15:07
- Last modified 13.02.2025 18:15:49
An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2...
CVE-2023-41835
- EPSS 0.26%
- Published 05.12.2023 09:15:07
- Last modified 28.05.2025 16:15:30
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 ...
CVE-2023-34396
- EPSS 0.12%
- Published 14.06.2023 08:15:09
- Last modified 13.02.2025 17:16:36
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
CVE-2023-34149
- EPSS 0.06%
- Published 14.06.2023 08:15:09
- Last modified 13.02.2025 17:16:34
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
CVE-2021-31805
- EPSS 93.96%
- Published 12.04.2022 16:15:08
- Last modified 21.11.2024 06:06:15
The fix issued for CVE-2020-17530 was incomplete, so from Apache Struts 2.0.0 to 2.5.29, some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL ...
CVE-2020-26259
- EPSS 90.7%
- Published 16.12.2020 01:15:12
- Last modified 23.05.2025 16:54:02
XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrar...
CVE-2020-26258
- EPSS 93.68%
- Published 16.12.2020 01:15:12
- Last modified 23.05.2025 16:53:23
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data fro...
CVE-2020-17530
- EPSS 94.36%
- Published 11.12.2020 02:15:10
- Last modified 03.04.2025 16:07:29
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
CVE-2019-0230
- EPSS 93.84%
- Published 14.09.2020 17:15:09
- Last modified 21.11.2024 04:16:32
In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.