org.apache.struts:struts2-rest-plugin
Maven | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.struts:struts2-rest-plugin
- CVE-2013-4316 | NONE | CVSS 0.0 | ✓ Fixed in 2.3.15.2 | 2013-09-30
vulnerable: 2.1.2 ... 2.3.8 (23 versions)
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
- CVE-2016-4438 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.3.29 | 2016-07-04
vulnerable: 2.3.20 ... 2.3.28.1 (8 versions)
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
- CVE-2017-15707 | MEDIUM | CVSS 6.2 | EG 6.2 | ✓ Fixed in 2.5.16 | 2017-12-01
vulnerable: 2.5 ... 2.5.8 (11 versions)
In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library that is vulnerable and allows a DoS attack using a malicious request with a specially crafted JSON payload.
- CVE-2017-9793 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.5.13 | 2017-09-20
vulnerable: 2.5 ... 2.5.8 (8 versions)
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library that is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.
- CVE-2017-9805 | HIGH | CVSS 8.1 | EG 9.0 | ⚠ KEV | ✓ Fixed in 2.5.13 | 2017-09-15
vulnerable: 2.5 ... 2.5.8 (8 versions)
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when dese…
- CVE-2018-1327 | HIGH | CVSS 7.5 | ✓ Fixed in 2.5.16 | 2018-03-27
vulnerable: 2.1.2 ... 2.5.8 (60 versions)
The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optio…