CVE-2016-4438

Published: Jul 5, 2016
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2016-4438" target="_blank" rel="noopener"> CVE-2016-4438
GHSA: <a href="https://github.com/advisories/GHSA-4prj-vw9j-v6pr" target="_blank" rel="noopener"> GHSA-4prj-vw9j-v6pr
Severity: Critical
Exploit:

The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
apache / struts	2.3.28	2.3.28.x
apache / struts	2.3.24.1	2.3.24.1.x
apache / struts	2.3.24.3	2.3.24.3.x
apache / struts	2.3.20.1	2.3.20.1.x
apache / struts	2.3.24	2.3.24.x
apache / struts	2.3.20.3	2.3.20.3.x
apache / struts	2.3.20	2.3.20.x
org.apache.struts / struts2-core	-	2.3.29