org.apache.struts:struts2-assembly (>=2.5.1 <=2.5.12), org.apache.struts:struts2-rest-showcase (>=2.5.1 <=2.5.12) potentially affected by CVE-2017-9793 +1 more via org.apache.struts:struts2-rest-plugin (>=2.5.1 <=2.5.12)

org.apache.struts:struts2-rest-plugin MAVEN version =2.5.1, =2.5.1, =2.5.1, =2.5.12 Source cves: CVE-2017-9793, CVE-2017-9805 Source advisory: OSV:GHSA-VWXJ-6M5M-RRVH...

Denial Of Service (DoS)

struts2-rest-plugin is vulnerable to denial of service DoS attacks. These attacks are possible through the use of a vulnerable version of the json-lib library. Attackers can trigger a DoS attack using a JSON payload which causes a memory leak to occur...

Apache Struts2 REST plugin remote code execution vulnerability

Struts2 is the Apache Software Foundation is responsible for maintaining a MVC-based design pattern of the Web application framework for open source projects . Apache Struts2 REST plugin has a remote code execution vulnerability , due to the use of XStream component on the XML format of the packe...

Denial Of Service (DoS)

struts2-rest-plugin is vulnerable to denial of service DoS attacks. These attacks are possible because it is using a version of xwork-core that is vulnerable to CVE-2017-7957...

Remote Code Execution (RCE)

struts2-rest-plugin is vulnerable to remote code execution RCE attacks. The vulnerability exists as XStream objects are being deserialized without any type filtering...