{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.3.20" }, { "introduced": "0" }, { "last_affected": "2.3.20.1" }, { "introduced": "0" }, { "last_affected": "2.3.20.2" }, { "introduced": "0" }, { "last_affected": "2.3.20.3" }, { "introduced": "0" }, { "last_affected": "2.3.21" }, { "introduced": "0" }, { "last_affected": "2.3.22" }, { "introduced": "0" }, { "last_affected": "2.3.23" }, { "introduced": "0" }, { "last_affected": "2.3.24" }, { "introduced": "0" }, { "last_affected": "2.3.24.1" }, { "introduced": "0" }, { "last_affected": "2.3.24.2" }, { "introduced": "0" }, { "last_affected": "2.3.24.3" }, { "introduced": "0" }, { "last_affected": "2.3.25" }, { "introduced": "0" }, { "last_affected": "2.3.26" }, { "introduced": "0" }, { "last_affected": "2.3.27" }, { "introduced": "0" }, { "last_affected": "2.3.28" }, { "introduced": "0" }, { "last_affected": "2.3.28.1" }, { "introduced": "0" }, { "last_affected": "2.3.29" }, { "introduced": "0" }, { "last_affected": "2.3.30" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "0320310406f6b11cfd235d7a9b866cf1de483a1e" }, { "introduced": "0" }, { "last_affected": "a9974eec5689a7113a6fb1e2096252f0935064dd" }, { "introduced": "0" }, { "last_affected": "d793648069386ce90fc9eae31e119de1a675f15a" }, { "introduced": "0" }, { "last_affected": "bbbf43ec59e7bef3b07e9065dc9784c18a95d58b" }, { "introduced": "0" }, { "last_affected": "a40e9a90bf8b5039728ff312852991e7d580bff4" }, { "introduced": "0" }, { "last_affected": "22573f8de8b33ead0fee88eb67817985464218bb" }, { "introduced": "0" }, { "last_affected": "d469fffed912764f7af2da861319815d088a66e8" }, { "introduced": "0" }, { "last_affected": "925741ad1e8e48c7a6d687fe02d3fdb6386eb64c" }, { "introduced": "0" }, { "last_affected": "7a9863169f7d981be0d2d57437974ae2cc0c8bd3" }, { "introduced": "0" }, { "last_affected": "a6e72347d2179a6d1a84acc0db54615c6f4b274c" }, { "introduced": "0" }, { "last_affected": "36b6fff05cd4a17f75b091c0edd52e0c1e65ec06" }, { "introduced": "0" }, { "last_affected": "8ca0f2fc464f592fa95d8435d0924c3b9da981ef" }, { "introduced": "0" }, { "last_affected": "013077abcb8d450d7313fb9fc766fe45f0b6f9c5" }, { "introduced": "0" }, { "last_affected": "8a59ed02c958db9213f0e54d816882a902891761" }, { "introduced": "0" }, { "last_affected": "0ac8932aa3a1b28a8f950863c17165cdc63b1474" }, { "introduced": "0" }, { "last_affected": "2cf0a7efeb12c8f476e31324dc56456b340ddeab" }, { "introduced": "0" }, { "last_affected": "bb22c585b5b52967fab033dba02cd244cd5b5b7a" }, { "introduced": "0" }, { "last_affected": "5c61c9a5752109a00ccdadbce3d4adb681f82c9a" } ], "repo": "https://github.com/apache/struts", "type": "GIT" } ] } ], "details": "In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side.", "id": "CVE-2016-6795", "modified": "2026-04-01T23:10:05.813876929Z", "published": "2017-09-20T17:29:00.277Z", "references": [ { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/93773" }, { "type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20180629-0003/" }, { "type": "ADVISORY", "url": "https://struts.apache.org/docs/s2-042.html" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }