mend-for-github-combot changed the title from "CVE-2019-0230 (Medium) detected in struts2-core-2.3.31.jar" to "CVE-2019-0230 (High) detected in struts2-core-2.3.31.jar" on Oct 8, 2020
CVE-2019-0230 - High Severity Vulnerability
Vulnerable Library - struts2-core-2.3.31.jar
Apache Struts 2
Path to dependency file: ksa/ksa-web-root/ksa-statistics-web/pom.xml
Path to vulnerable library: canner/.m2/repository/org/apache/struts/struts2-core/2.3.31/struts2-core-2.3.31.jar, ksa/ksa-web-root/ksa-web/target/ROOT/WEB-INF/lib/struts2-core-2.3.31.jar
Dependency Hierarchy:
Found in HEAD commit: f9c447c914224520fcff8000f77df4b5d77692a8
Found in base branch: master
Vulnerability Details
In Apache Struts 2.0.0 to 2.5.20, forced double OGNL evaluation, when applied to raw user input in tag attributes, may lead to remote code execution.
Publish Date: 2020-09-14
URL: CVE-2019-0230
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cwiki.apache.org/confluence/display/ww/s2-059
Release Date: 2020-07-21
Fix Resolution: org.apache.struts:struts2-core:2.5.22
⛑️ Automatic Remediation is available for this issue