CVE-2016-3087

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-3087

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3087.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-3087

Aliases

GHSA-mmj6-cjj4-hpr5

Published

2016-06-07T18:59:02.713Z

Modified

2025-11-20T10:26:00.077501Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type: GIT
Repo: https://github.com/apache/struts
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0320310406f6b11cfd235d7a9b866cf1de483a1e

Last affected

0ac8932aa3a1b28a8f950863c17165cdc63b1474

Last affected

7a9863169f7d981be0d2d57437974ae2cc0c8bd3

Last affected

925741ad1e8e48c7a6d687fe02d3fdb6386eb64c

Last affected

a9974eec5689a7113a6fb1e2096252f0935064dd

Affected versions

Other

STRUTS_2_2_1

STRUTS_2_3_14

STRUTS_2_3_16_1

STRUTS_2_3_16_2

STRUTS_2_3_16_3

STRUTS_2_3_17

STRUTS_2_3_19

STRUTS_2_3_20

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-3087.json"