org.apache.struts:struts2-struts1-plugin@2.3.15 vulnerabilities
- latest version: 2.3.37
- latest non vulnerable version
- first published: 17 years ago
- latest version published: 5 years ago
- licenses detected
  - [2.0.5,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.struts:struts2-struts1-plugin package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of the package are vulnerable to Arbitrary Code Execution. When using untrusted input as a part of the error message in the ActionMessage class, a malicious user can pass in a raw message to the ActionMessage, which will then run on the server. How to fix Arbitrary Code Execution? There is no fix version for The vendor recommends the following: | [2.3,) |