GHSA-wv7g-xhvw-8hcp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wv7g-xhvw-8hcp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wv7g-xhvw-8hcp/GHSA-wv7g-xhvw-8hcp.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wv7g-xhvw-8hcp
- Aliases
-
- CVE-2008-6505
- Published
- 2022-05-17T05:52:21Z
- Modified
- 2024-12-06T05:27:30.651786Z
- Summary
- Apache Struts directory traversal vulnerability
- Details
-
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a
..%252f(encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x. - Database specific
{ "nvd_published_at": "2009-03-23T14:19:00Z", "github_reviewed_at": "2024-02-09T19:12:25Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2008-6505
- https://github.com/apache/struts/commit/04fcefa44bae1263c7cad6986a9dafed67f0164f
- https://github.com/apache/struts/commit/1f1c996eb1f0f3e2193fba0075f62ccd04e3c0c3
- https://github.com/apache/struts
- https://web.archive.org/web/20081208214512/http://secunia.com/advisories/32497
- https://web.archive.org/web/20111025094319/http://www.securityfocus.com/bid/32104
- http://issues.apache.org/struts/browse/WW-2779
- http://struts.apache.org/2.x/docs/s2-004.html
Affected packages
Maven / org.apache.struts:struts2-core
Package
- Name
- org.apache.struts:struts2-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.struts/struts2-core
Maven / org.apache.struts:struts2-core
Package
- Name
- org.apache.struts:struts2-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.struts/struts2-core