org.apache.struts.xwork:xwork-core@2.3.15.3 vulnerabilities
-
latest version
2.3.37
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
5 years ago
-
licenses detected
- [2.2.1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.struts.xwork:xwork-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.struts.xwork:xwork-core is a generic command pattern framework. It forms the core of Struts 2. Affected versions of this package are vulnerable to Improper Input Validation such that the Note: The Struts 2 framework does not pass any user-modifiable input to this method, neither directly nor indirectly. However, a developer crafting a Struts based web application might pass unsanitized user input to How to fix Improper Input Validation? Upgrade |
[2.0.0,2.3.24.1)
|
|
[2.2.1,2.3.28.1]
|
|
[2,2.3.24.1]
|
org.apache.struts.xwork:xwork-core is a generic command pattern framework. It forms the core of Struts 2. Affected versions of this package are vulnerable to Command Injection. When Dynamic Method Invocation was enabled, a remote attackers could execute arbitrary code via the prefix method, related to chained expressions. How to fix Command Injection? Upgrade |
[2.0.0,2.3.20.2)
[2.3.24,2.3.24.2)
[2.3.28,2.3.28.1)
|
|
[2,2.3.25)
|
org.apache.struts.xwork:xwork-core is a generic command pattern framework. It forms the core of Struts 2. Affected versions of this package are vulnerable to Improper Input Validation via a How to fix Improper Input Validation? Upgrade |
[2,2.3.28)
|
|
[2,2.3.24.1)
|
|
[2.0.0,2.3.16.2)
|