Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-rg58-xhh7-mqjw: Apache Struts has a Denial of Service vulnerability

Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion.

This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3.

Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue.

ghsa
Open in Source
#vulnerability#dos#apache#git#java#intel#maven

Skip to content

Navigation Menu

    • AI CODE CREATION

      • GitHub CopilotWrite better code with AI

      • GitHub SparkBuild and deploy intelligent apps

      • GitHub ModelsManage and compare prompts

      • MCP RegistryNewIntegrate external tools

View all features
  • Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-66675

Apache Struts has a Denial of Service vulnerability

High severity GitHub Reviewed Published Dec 10, 2025 to the GitHub Advisory Database • Updated Dec 10, 2025

Package

maven org.apache.struts:struts2-core (Maven)

Affected versions

>= 2.0.0, < 6.8.0

>= 7.0.0, < 7.1.1

Patched versions

6.8.0

7.1.1

Description

Published to the GitHub Advisory Database

Dec 10, 2025

Last updated

Dec 10, 2025

EPSS score

ghsa: Latest News

GHSA-vx9q-rhv9-3jvg: aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer
ghsa