Vulnerabilities > Apache > Struts

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-50164 Unspecified vulnerability in Apache Struts
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
network
low complexity
apache
critical
9.8
2023-12-05 CVE-2023-41835 Incomplete Cleanup vulnerability in Apache Struts
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
network
low complexity
apache CWE-459
7.5
2023-06-14 CVE-2023-34149 Unspecified vulnerability in Apache Struts
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
network
low complexity
apache
6.5
2023-06-14 CVE-2023-34396 Unspecified vulnerability in Apache Struts
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater
network
low complexity
apache
7.5
2022-04-12 CVE-2021-31805 Expression Language Injection vulnerability in Apache Struts
The fix issued for CVE-2020-17530 was incomplete.
network
low complexity
apache CWE-917
critical
9.8
2020-12-11 CVE-2020-17530 Expression Language Injection vulnerability in multiple products
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
network
low complexity
apache oracle CWE-917
critical
9.8
2020-09-14 CVE-2019-0233 Improper Preservation of Permissions vulnerability in multiple products
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
network
low complexity
apache oracle CWE-281
7.5
2020-09-14 CVE-2019-0230 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
network
low complexity
apache oracle
critical
9.8
2020-02-27 CVE-2015-2992 Cross-site Scripting vulnerability in Apache Struts
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.
network
low complexity
apache CWE-79
6.1
2019-12-05 CVE-2012-1592 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Struts 2.0.0
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
network
low complexity
apache CWE-434
8.8