Open mend-bolt-for-github[bot] opened 7 months ago
Apache Struts 2
Path to dependency file: /pom.xml
Path to vulnerable library: /canner/.m2/repository/org/apache/struts/struts2-core/2.3.37/struts2-core-2.3.37.jar
Dependency Hierarchy: - :x: **struts2-core-2.3.37.jar** (Vulnerable Library)
Found in HEAD commit: 34ce0f6524391068ef5b880f65575eb3eb499124
Found in base branch: master
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Publish Date: 2023-06-14
URL: CVE-2023-34149
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-8f6x-v685-g2xc
Release Date: 2023-06-14
Fix Resolution: 2.5.31
Step up your Open Source Security Game with Mend here
CVE-2023-34149 - Medium Severity Vulnerability
Apache Struts 2
Path to dependency file: /pom.xml
Path to vulnerable library: /canner/.m2/repository/org/apache/struts/struts2-core/2.3.37/struts2-core-2.3.37.jar
Dependency Hierarchy: - :x: **struts2-core-2.3.37.jar** (Vulnerable Library)
Found in HEAD commit: 34ce0f6524391068ef5b880f65575eb3eb499124
Found in base branch: master
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Publish Date: 2023-06-14
URL: CVE-2023-34149
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-8f6x-v685-g2xc
Release Date: 2023-06-14
Fix Resolution: 2.5.31
Step up your Open Source Security Game with Mend here