[Snyk-dev] Upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.31 by j-sp4 · Pull Request #96 · j-sp4/java-goof

j-sp4 · 2023-08-23T15:50:34Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.31.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 45 versions ahead of your current version.
The recommended version was released 2 months ago, on 2023-06-13.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Command Injection SNYK-JAVA-ORGAPACHESTRUTS-30770	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-30771	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Arbitrary Command Execution SNYK-JAVA-ORGAPACHESTRUTS-30772	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Denial of Service (DoS) SNYK-JAVA-COMMONSFILEUPLOAD-30082	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Parameter Alteration SNYK-JAVA-ORGAPACHESTRUTSXWORK-30798	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31501	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31502	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-2635340	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Manipulation of Struts' internals SNYK-JAVA-ORGAPACHESTRUTS-30060	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Cross-site Request Forgery (CSRF) SNYK-JAVA-ORGAPACHESTRUTS-30774	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30776	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Arbitrary Command Execution SNYK-JAVA-ORGAPACHESTRUTS-31495	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTS-30773	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Arbitrary Code Execution SNYK-JAVA-COMMONSFILEUPLOAD-30401	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Server-side Template Injection (SSTI) SNYK-JAVA-ORGFREEMARKER-1076795	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30799	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTS-30775	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-31500	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Denial of Service (DoS) SNYK-JAVA-ORGAPACHESTRUTS-608098	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Proof of Concept
Unrestricted Upload of File with Dangerous Type SNYK-JAVA-ORGAPACHESTRUTS-609765	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Information Exposure SNYK-JAVA-COMMONSFILEUPLOAD-31540	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-1049003	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-31503	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Denial of Service (DoS) SNYK-JAVA-OGNL-30474	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTS-30207	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Directory Traversal SNYK-JAVA-ORGAPACHESTRUTS-30778	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Access Restriction Bypass SNYK-JAVA-ORGAPACHESTRUTSXWORK-30802	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Arbitrary Code Execution SNYK-JAVA-ORGAPACHESTRUTSXWORK-30803	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Command Injection SNYK-JAVA-ORGAPACHESTRUTSXWORK-451611	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Insecure Defaults SNYK-JAVA-ORGAPACHESTRUTSXWORK-474418	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-5811864	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Remote Code Execution SNYK-JAVA-ORGAPACHESTRUTS-32477	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature
Cross-site Scripting (XSS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30800	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Improper Input Validation SNYK-JAVA-ORGAPACHESTRUTSXWORK-30801	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTSXWORK-30804	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Improper Action Name Cleanup SNYK-JAVA-ORGAPACHESTRUTS-451610	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JAVA-ORGAPACHESTRUTS-460223	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Allocation of Resources Without Limits or Throttling SNYK-JAVA-ORGAPACHESTRUTS-5707101	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	No Known Exploit
Remote Code Execution (RCE) SNYK-JAVA-ORGAPACHESTRUTS-608097	705/1000 Why? Mature exploit, Has a fix available, CVSS 8.1	Mature

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.31. See this package in Maven Repository: https://mvnrepository.com/artifact/org.apache.struts/struts2-core/ See this project in Snyk: https://app.dev.snyk.io/org/james.spoor/project/c6d3b8b6-8caf-4ba8-b556-575630dbcbdb?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk-dev] Upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.31#96

[Snyk-dev] Upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.31#96
j-sp4 wants to merge 1 commit intomasterfrom
snyk-upgrade-08092ca462dff3540eaaf97e652c8341

j-sp4 commented Aug 23, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

j-sp4 commented Aug 23, 2023

Snyk has created this PR to upgrade org.apache.struts:struts2-core from 2.3.20 to 2.5.31.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants