The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Metrics
Affected Vendors & Products
References
History
Wed, 14 Aug 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2017-09-15T19:00:00
Updated: 2024-08-05T17:18:01.942Z
Reserved: 2017-06-21T00:00:00
Link: CVE-2017-9805
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-09-15T19:29:00.237
Modified: 2024-11-21T03:36:53.557
Link: CVE-2017-9805
Redhat