org.apache.struts:struts2-assembly (>=2.2.1 <=2.3.37), org.apache.struts:struts2-showcase (>=2.0.5 <=2.3.37) potentially affected by CVE-2017-9791 +1 more via org.apache.struts:struts2-struts1-plugin (>=2.0.5 <=2.3.37)

org.apache.struts:struts2-struts1-plugin MAVEN version =2.0.5, =2.2.1, =2.0.5, =2.3.37 Source cves: CVE-2017-9791, CVE-2017-9805 Source advisory: OSV:GHSA-29RM-6752-GVWV...

The vulnerability of the Struts 1 plugin for the Apache Struts software platform allows attackers to execute arbitrary code.

The vulnerability of the Struts 1 plugin for the Apache Struts software framework exists due to insufficient validation of data entered by users, which is part of the message. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...