[GHSA-4g42-gqrg-4633] Apache Struts vulnerable to memory exhaustion

[ryanmurf]

Updates

• Affected products

Comments
Improvement to the packages and versions to include struts 1.
Struts 1 the groupId was struts from 1.1 to 1.2.9 then was changed to org.apache.struts in >=1.3 to the last release 1.3.10. The artifactId was struts from 1.1 to 1.2.9 and changed to struts-core in >=1.3. This PR adds struts:struts 1.1 to 1.2.9 for affected packages.

[Copilot]

Pull Request Overview

This PR updates the Apache Struts vulnerability advisory (GHSA-4g42-gqrg-4633) to include affected Struts 1.x packages that were previously missing. The changes expand the vulnerability coverage to include the complete range of vulnerable Struts 1 versions across different Maven coordinates.

• Changes the initial vulnerable version from "0" to "2.0.0" for the main Struts 2 package
• Adds org.apache.struts:struts-core package covering versions 1.3.0 to 1.3.10
• Adds struts:struts package covering versions 1.1 to 1.2.9

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[advisory-database]

Hi @ryanmurf! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future!