GHSA-vrwc-qjmw-5rjm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vrwc-qjmw-5rjm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vrwc-qjmw-5rjm/GHSA-vrwc-qjmw-5rjm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vrwc-qjmw-5rjm
- Aliases
-
- CVE-2014-0094
- Published
- 2022-05-14T00:54:15Z
- Modified
- 2024-12-06T05:29:45.096096Z
- Summary
- ClassLoader manipulation in Apache Struts
- Details
-
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
- Database specific
{ "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [], "github_reviewed_at": "2022-11-03T22:54:35Z", "nvd_published_at": "2014-03-11T13:00:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0094
- https://github.com/apache/struts/commit/2e2da292166adbc78c4cb1e308b30ddb4fba6d3f
- https://github.com/apache/struts/commit/6315241719be167542962da436b38782ed730c62
- https://github.com/apache/struts
- http://jvn.jp/en/jp/JVN19294237/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2014-000045
- http://packetstormsecurity.com/files/127215/VMware-Security-Advisory-2014-0007.html
- http://struts.apache.org/release/2.3.x/docs/s2-020.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21676706
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm
- http://www.konakart.com/downloads/ver-7-3-0-0-whats-new
- http://www.vmware.com/security/advisories/VMSA-2014-0007.html
Affected packages
Maven / org.apache.struts:struts2-core
Package
- Name
- org.apache.struts:struts2-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.struts/struts2-core
Maven / org.apache.struts.xwork:xwork-core
Package
- Name
- org.apache.struts.xwork:xwork-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.struts.xwork/xwork-core