search

turkdevops / snyk

CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
https://snyk.io
Other
1 stars 2 forks source link

CVE-2023-34149 (Medium) detected in struts2-core-2.3.20.jar #307

Open mend-bolt-for-github[bot] opened 9 months ago

mend-bolt-for-github[bot] commented 9 months ago

CVE-2023-34149 - Medium Severity Vulnerability

Vulnerable Library - struts2-core-2.3.20.jar

Apache Struts 2

Path to vulnerable library: /home/wss-scanner/.ivy2/cache/org.apache.struts/struts2-core/jars/struts2-core-2.3.20.jar

Dependency Hierarchy: - small-app_2.10-1.0-SNAPSHOT (Root Library) - :x: **struts2-core-2.3.20.jar** (Vulnerable Library)

Found in HEAD commit: 9505f4ca92405cc9273dc3726c2d274ce28a4407

Found in base branch: ALL_HANDS/major-secrets

Vulnerability Details

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

Publish Date: 2023-06-14

URL: CVE-2023-34149

CVSS 3 Score Details (6.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-8f6x-v685-g2xc

Release Date: 2023-06-14

Fix Resolution: org.apache.struts:struts2-core:2.5.31,6.1.2.1

Step up your Open Source Security Game with Mend here