FAIL › dossier

Struts product

5
failure events
0
zero-days
5
RCEs
5
on KEV
1
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 5 events

DateEventSevFlagsShameSummary
2021-11-03 CVE-2017-5638 critical ⚡RCE ⌖KEV 95 Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
2022-03-25 CVE-2013-2251 high ⚡RCE ⌖KEV 65 Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
2021-11-03 CVE-2017-9805 high ⚡RCE ⌖KEV 65 Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.
2021-11-03 CVE-2020-17530 high ⚡RCE ⌖KEV 65 Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
2021-11-03 CVE-2018-11776 high ⚡RCE ⌖KEV 65 Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuratio