Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.20.2

Type maven

Namespace org.apache.struts

Name struts2-rest-plugin

Version 2.3.20.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.3.34

Latest_non_vulnerable_version 6.3.0.2

Affected_by_vulnerabilities

url VCID-2f37-y2q9-e7h4

vulnerability_id VCID-2f37-y2q9-e7h4

summary

DoS attack via crafted XML payload processed by REST Plugin using XStream library
The REST Plugin in this package is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

references

reference_url	https://struts.apache.org/docs/s2-051.html
reference_id
reference_type
scores
url	https://struts.apache.org/docs/s2-051.html

reference_url	http://www.securityfocus.com/bid/100611
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100611

reference_url	http://www.securitytracker.com/id/1039262
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039262

reference_url	https://access.redhat.com/security/cve/CVE-2017-9793
reference_id	CVE-2017-9793
reference_type
scores
url	https://access.redhat.com/security/cve/CVE-2017-9793

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9793
reference_id	CVE-2017-9793
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9793

fixed_packages

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.20.3

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.20.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-npge-yn8z-6fac

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.20.3

url pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.24

purl pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-npge-yn8z-6fac

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.24

url	pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.34
purl	pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.34
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.34

url	pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13
purl	pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.13

aliases CVE-2017-9793

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2f37-y2q9-e7h4

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-rest-plugin@2.3.20.2

Package Instance