Apache Struts Extras
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apache Struts Extras.
By the Year
In 2025 there have been 1 vulnerability in Apache Struts Extras with an average score of 6.5 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 1 | 6.50 |
It may take a day or so for new Struts Extras vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apache Struts Extras Security Vulnerabilities
Apache Struts Extras Log Injection via LookupDispatchAction
CVE-2025-54656
6.5 - Medium
- July 30, 2025
** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead to log output where part of the message masquerades as a separate log line, confusing consumers of the logs (either human or automated). As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Improper Output Neutralization for Logs
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apache Struts Extras or by Apache? Click the Watch button to subscribe.
