GHSA-8m5q-crqq-6pmf

Suggest an improvement
Source
https://github.com/advisories/GHSA-8m5q-crqq-6pmf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-8m5q-crqq-6pmf/GHSA-8m5q-crqq-6pmf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8m5q-crqq-6pmf
Aliases
  • CVE-2012-1592
Published
2022-04-23T00:40:23Z
Modified
2023-11-08T03:57:04.028343Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Unrestricted Upload of File with Dangerous Type in Apache Struts2
Details

A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files. A patch exists as of version 2.5.22.

References

Affected packages

Maven / org.apache.struts:struts2-core

Package

Name
org.apache.struts:struts2-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.struts/struts2-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0
Fixed
2.5.22

Affected versions

2.*

2.0.5
2.0.6
2.0.8
2.0.9
2.0.11
2.0.11.1
2.0.11.2
2.0.12
2.0.14
2.1.2
2.1.6
2.1.8
2.1.8.1
2.2.1
2.2.1.1
2.2.3
2.2.3.1
2.3.1
2.3.1.1
2.3.1.2
2.3.3
2.3.4
2.3.4.1
2.3.7
2.3.8
2.3.12
2.3.14
2.3.14.1
2.3.14.2
2.3.14.3
2.3.15
2.3.15.1
2.3.15.2
2.3.15.3
2.3.16
2.3.16.1
2.3.16.2
2.3.16.3
2.3.20
2.3.20.1
2.3.20.3
2.3.24
2.3.24.1
2.3.24.3
2.3.28
2.3.28.1
2.3.29
2.3.30
2.3.31
2.3.32
2.3.33
2.3.34
2.3.35
2.3.36
2.3.37
2.5-BETA1
2.5-BETA2
2.5-BETA3
2.5
2.5.1
2.5.2
2.5.5
2.5.8
2.5.10
2.5.10.1
2.5.12
2.5.13
2.5.14
2.5.14.1
2.5.16
2.5.17
2.5.18
2.5.20