Vulnerabilities > Apache > Struts > 2.3.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-07-20 | CVE-2013-2251 | Injection vulnerability in multiple products Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. | 9.8 |
| 2013-07-10 | CVE-2013-2115 | Code Injection vulnerability in Apache Struts Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. | 8.1 |