FAIL › dossier
Struts product
5
failure events
0
zero-days
5
RCEs
5
on KEV
1
critical
95
worst shame
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
Failure history 5 events
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2021-11-03 | CVE-2017-5638 | critical | ⚡RCE ⌖KEV | 95 | Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution. |
| 2022-03-25 | CVE-2013-2251 | high | ⚡RCE ⌖KEV | 65 | Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. |
| 2021-11-03 | CVE-2017-9805 | high | ⚡RCE ⌖KEV | 65 | Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. |
| 2021-11-03 | CVE-2020-17530 | high | ⚡RCE ⌖KEV | 65 | Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. |
| 2021-11-03 | CVE-2018-11776 | high | ⚡RCE ⌖KEV | 65 | Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuratio |