Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 76 results


CVE-2023-50164

Medium priority
Ignored

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade...

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Ignored Ignored
Show less packages

CVE-2023-41835

Medium priority
Ignored

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to...

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Ignored Ignored
Show less packages

CVE-2023-34396

Medium priority
Ignored

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Not in release Not in release
Show less packages

CVE-2023-34149

Medium priority
Ignored

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Not in release Not in release
Show less packages

CVE-2021-31805

Medium priority

Not in release

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...}...

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Not in release Not in release
Show less packages

CVE-2020-17530

Medium priority

Not in release

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Not in release
Show less packages

CVE-2019-0233

Unknown priority

Not in release

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Not in release
Show less packages

CVE-2019-0230

Unknown priority

Not in release

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java Not in release Not in release Not in release
Show less packages

CVE-2015-2992

Low priority
Not affected

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java
Show less packages

CVE-2012-1592

Medium priority
Not affected

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.

1 affected packages

libstruts1.2-java

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libstruts1.2-java
Show less packages