CVE-2024-53677
- EPSS 91.35%
- Published 11.12.2024 16:15:14
- Last modified 15.07.2025 16:30:19
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This i...
CVE-2023-50164
- EPSS 92.86%
- Published 07.12.2023 09:15:07
- Last modified 13.02.2025 18:15:49
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2...
CVE-2023-41835
- EPSS 0.26%
- Published 05.12.2023 09:15:07
- Last modified 28.05.2025 16:15:30
When a multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 ...
CVE-2023-34396
- EPSS 0.12%
- Published 14.06.2023 08:15:09
- Last modified 13.02.2025 17:16:36
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
CVE-2023-34149
- EPSS 0.06%
- Published 14.06.2023 08:15:09
- Last modified 13.02.2025 17:16:34
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
CVE-2021-31805
- EPSS 93.96%
- Published 12.04.2022 16:15:08
- Last modified 21.11.2024 06:06:15
The fix issued for CVE-2020-17530 was incomplete, so in Apache Struts 2.0.0 to 2.5.29 some of the tag's attributes could still perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL ...
CVE-2020-26259
- EPSS 90.7%
- Published 16.12.2020 01:15:12
- Last modified 23.05.2025 16:54:02
XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to arbitrary file deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrar...
CVE-2020-26258
- EPSS 93.68%
- Published 16.12.2020 01:15:12
- Last modified 23.05.2025 16:53:23
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Request Forgery vulnerability can be triggered when unmarshalling. The vulnerability may allow a remote attacker to request data fro...
CVE-2020-17530
- EPSS 94.36%
- Published 11.12.2020 02:15:10
- Last modified 03.04.2025 16:07:29
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 to Struts 2.5.25.
CVE-2019-0230
- EPSS 93.84%
- Published 14.09.2020 17:15:09
- Last modified 21.11.2024 04:16:32
In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation on raw user input in tag attributes may lead to remote code execution.