pkg:Maven/org.apache.struts.xwork:xwork-core

All known vulnerabilities

• CRITICAL9.8CVE-2012-0391⚠ KEVApache Struts Remote Java Code Execution
  from 0, < 2.2.3.1
• HIGH8.8CVE-2016-4430Apache Struts CSRF Vulnerability
  >= 2.3.20, < 2.3.29
• HIGH8.1CVE-2025-68493Apache Struts 2 is Missing XML Validation
  >= 2.2.1
• HIGH8.1CVE-2013-2115Code injection in Apache Struts
  >= 2.0.0, < 2.3.14.2
• HIGH7.5CVE-2016-4433Apache Struts Open Redirect
  >= 2.3.20, < 2.3.29
• —CVE-2012-4387Denial of service in Apache Struts
  >= 2.0.0, < 2.3.4.1
• —CVE-2015-1831Incomplete exclude pattern in Apache Struts
  >= 2.0.0, < 2.3.20.1
• —CVE-2011-2088XWork in Apache Struts Reveals Sensitive Information
  from 0, < 2.2.2
• —CVE-2013-2134Arbitrary code execution in Apache Struts 2
  >= 2.0.0, < 2.3.14.3
• —CVE-2013-2135Arbitrary code execution in Apache Struts 2
  >= 2.0.0, < 2.3.14.3
• —CVE-2012-0838Apache Struts Code injection due to conversion error
  from 0, < 2.2.3.1
• —CVE-2013-1966Arbitrary code execution in Apache Struts
  >= 2.0.0, < 2.3.14.2
• —CVE-2014-0094ClassLoader manipulation in Apache Struts
  >= 2.0.0, < 2.3.16.2
• —CVE-2012-0393Apache Struts's ParameterInterceptor component does not prevent access to public constructors
  from 0, < 2.2.3.1
• —CVE-2012-0394Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
  from 0, < 2.3.18
• —CVE-2012-0392Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
  from 0, < 2.2.3.1