Findings for SCA, High, [TheRedHatter/javagoof:todolist-web-struts/pom.xml]:Improper Input Validation
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): [2,2.3.28)
- Vulnerable Path: null
Overview
org.apache.struts.xwork:xwork-core is a generic command pattern framework. It forms the core of Struts 2.
Affected versions of this package are vulnerable to Improper Input Validation via a %{} sequence in a tag attribute, aka forced double OGNL evaluation.
References
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): [3.2.0.RELEASE,4.3.29.RELEASE), [5.0.0.RELEASE,5.0.19.RELEASE), [5.1.0.RELEASE,5.1.18.RELEASE), [5.2.0.RELEASE,5.2.9.RELEASE)
- Vulnerable Path: null
Overview
org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform.
Affected versions of this package are vulnerable to Improper Input Validation. The protections against Reflected File Download attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
References
Snyk Project Status: Active