Vulnerabilities > Apache > Struts > 2.0.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-50164 | Unspecified vulnerability in Apache Struts An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 |
| 2023-12-05 | CVE-2023-41835 | Incomplete Cleanup vulnerability in Apache Struts When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. | 7.5 |
| 2023-06-14 | CVE-2023-34149 | Unspecified vulnerability in Apache Struts Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater. | 6.5 |
| 2023-06-14 | CVE-2023-34396 | Unspecified vulnerability in Apache Struts Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater | 7.5 |
| 2022-04-12 | CVE-2021-31805 | Expression Language Injection vulnerability in Apache Struts The fix issued for CVE-2020-17530 was incomplete. | 9.8 |
| 2020-12-11 | CVE-2020-17530 | Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 9.8 |
| 2020-09-14 | CVE-2019-0233 | Improper Preservation of Permissions vulnerability in multiple products An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload. | 7.5 |
| 2020-09-14 | CVE-2019-0230 | Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 9.8 |
| 2020-02-27 | CVE-2015-2992 | Cross-site Scripting vulnerability in Apache Struts Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2019-11-01 | CVE-2011-3923 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 |