CVE-2013-2251 (High) detected in struts2-core-2.3.1.2.jar #12

mend-for-github-com · 2020-03-25T14:52:44Z

CVE-2013-2251 - High Severity Vulnerability

Vulnerable Library - struts2-core-2.3.1.2.jar

Apache Struts 2

Path to dependency file: /tmp/ws-scm/Struts2Example/pom.xml

Path to vulnerable library: 20200325141938/downloadResource_d50070f4-1279-48e5-8366-a2fcdc735d7c/20200325145151/struts2-core-2.3.1.2.jar

Dependency Hierarchy:

❌ struts2-core-2.3.1.2.jar (Vulnerable Library)

Found in HEAD commit: 20d7b6df1b42979ec0033b63405d552a70d92b0c

Vulnerability Details

Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.

Publish Date: 2013-07-20

URL: CVE-2013-2251

CVSS 2 Score Details (9.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251

Release Date: 2013-07-20

Fix Resolution: 2.3.16

Check this box to open an automated fix PR

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 25, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2013-2251 (High) detected in struts2-core-2.3.1.2.jar #12

CVE-2013-2251 (High) detected in struts2-core-2.3.1.2.jar #12

mend-for-github-com bot commented Mar 25, 2020

CVE-2013-2251 (High) detected in struts2-core-2.3.1.2.jar #12

CVE-2013-2251 (High) detected in struts2-core-2.3.1.2.jar #12

Comments

mend-for-github-com bot commented Mar 25, 2020

CVE-2013-2251 - High Severity Vulnerability