Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ws2y-bbks-5kb1
Summary
Code execution in Apache Struts 1 plugin
The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
Aliases
0
alias CVE-2017-9791
1
alias GHSA-29rm-6752-gvwv
Fixed_packages
Affected_packages
0
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.5
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.5
1
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.6
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.6
2
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.8
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.8
3
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.9
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.9
4
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11
5
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.1
6
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.2
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.2
7
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.12
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.12
8
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.14
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.14
9
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.2
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.2
10
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.6
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.6
11
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8
12
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8.1
13
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1
14
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1.1
15
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3
16
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3.1
17
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1
18
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.1
19
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.2
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.2
20
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.3
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.3
21
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4
22
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4.1
23
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.7
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.7
24
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.8
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.8
25
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.12
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.12
26
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14
27
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.1
28
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.2
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.2
29
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.3
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.3
30
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15
31
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.1
32
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.2
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.2
33
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.3
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.3
34
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16
35
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.1
36
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.2
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.2
37
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.3
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.3
38
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20
39
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.1
40
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.3
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.3
41
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24
42
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.1
43
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.3
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.3
44
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28
45
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28.1
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28.1
46
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.29
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.29
47
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.30
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.30
48
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.31
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.31
49
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.32
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.32
50
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.33
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.33
51
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.34
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.34
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.34
52
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.35
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.35
53
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.36
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.36
54
url pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.37
purl pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-79j9-v8gz-rfax
1
vulnerability VCID-gfxq-vtry-bqgg
2
vulnerability VCID-hgj2-vqzn-gyeb
3
vulnerability VCID-hpm1-euf1-vff1
4
vulnerability VCID-ws2y-bbks-5kb1
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.37
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9791.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9791.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9791
reference_id
reference_type
scores
0
value 0.94239
scoring_system epss
scoring_elements 0.99929
published_at 2026-04-21T12:55:00Z
1
value 0.94239
scoring_system epss
scoring_elements 0.99927
published_at 2026-04-02T12:55:00Z
2
value 0.94239
scoring_system epss
scoring_elements 0.99928
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9791
2
reference_url https://github.com/apache/struts/commit/ffe0e20edd9d5386f4410fddd970286a69373243
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts/commit/ffe0e20edd9d5386f4410fddd970286a69373243
3
reference_url https://security.netapp.com/advisory/ntap-20180706-0002
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20180706-0002
4
reference_url http://struts.apache.org/docs/s2-048.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/
url http://struts.apache.org/docs/s2-048.html
5
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9791
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9791
6
reference_url https://www.exploit-db.com/exploits/42324
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/42324
7
reference_url https://www.exploit-db.com/exploits/44643
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/44643
8
reference_url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/
url http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html
9
reference_url http://www.securityfocus.com/bid/99484
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/
url http://www.securityfocus.com/bid/99484
10
reference_url http://www.securitytracker.com/id/1038838
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/
url http://www.securitytracker.com/id/1038838
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1469265
reference_id 1469265
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1469265
12
reference_url https://www.exploit-db.com/exploits/42324/
reference_id 42324
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/
url https://www.exploit-db.com/exploits/42324/
13
reference_url https://www.exploit-db.com/exploits/44643/
reference_id 44643
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/
url https://www.exploit-db.com/exploits/44643/
14
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44643.rb
reference_id CVE-2017-9791
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44643.rb
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9791
reference_id CVE-2017-9791
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9791
16
reference_url https://raw.githubusercontent.com/rapid7/metasploit-framework/6ec0272ff5ca38c222d68febab4d154c5f96fd3f/modules/exploits/multi/http/struts2_code_exec_showcase.rb
reference_id CVE-2017-9791
reference_type exploit
scores
url https://raw.githubusercontent.com/rapid7/metasploit-framework/6ec0272ff5ca38c222d68febab4d154c5f96fd3f/modules/exploits/multi/http/struts2_code_exec_showcase.rb
17
reference_url https://github.com/nixawk/labs/blob/943764ccb3b36a419729062f23972fd0d726bd24/CVE-2017-9791/exploit_S2-048.py
reference_id CVE-2017-9791;S2-048
reference_type exploit
scores
url https://github.com/nixawk/labs/blob/943764ccb3b36a419729062f23972fd0d726bd24/CVE-2017-9791/exploit_S2-048.py
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/42324.py
reference_id CVE-2017-9791;S2-048
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/42324.py
19
reference_url https://github.com/advisories/GHSA-29rm-6752-gvwv
reference_id GHSA-29rm-6752-gvwv
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29rm-6752-gvwv
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
0
date_added 2017-07-14
description Apache Struts 2.3.x Showcase - Remote Code Execution
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2017-07-07
exploit_type webapps
platform multiple
source_date_updated 2018-05-17
data_source Exploit-DB
source_url https://github.com/nixawk/labs/blob/943764ccb3b36a419729062f23972fd0d726bd24/CVE-2017-9791/exploit_S2-048.py
1
date_added 2022-02-10
description The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
required_action Apply updates per vendor instructions.
due_date 2022-08-10
notes https://nvd.nist.gov/vuln/detail/CVE-2017-9791
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
2
date_added null
description This module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote Code Execution can be performed via a malicious field value.
required_action null
due_date null
notes 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
known_ransomware_campaign_use false
source_date_published 2017-07-07
exploit_type null
platform Linux,Unix,Windows
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/struts2_code_exec_showcase.rb
Severity_range_score8.1 - 10.0
Exploitability2.0
Weighted_severity9.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ws2y-bbks-5kb1