CVE-2017-9793 – org.apache.struts:struts2-rest-plugin

Package

Manager: maven
Name: org.apache.struts:struts2-rest-plugin
Vulnerable Version: >=0 <2.3.34 || >=2.5.0 <2.5.13

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.13427 pctl0.93945

Details

The REST Plugin in Apache Struts is using an outdated XStream library The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

Metadata

Created: 2018-10-16T19:37:22Z
Modified: 2022-04-26T19:02:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-vwxj-6m5m-rrvh/GHSA-vwxj-6m5m-rrvh.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-vwxj-6m5m-rrvh
Finding: F184
Auto approve: 1