VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-rest-plugin@2.1.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-bgbt-j1n9-6yg5 Aliases: CVE-2018-1327 GHSA-38cr-2ph5-frr9	The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.	2.5.16 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-t1v1-vm43-sfhg Aliases: CVE-2017-9805 GHSA-gg9m-fj3v-r58c	The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.	2.3.34 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-bgbt-j1n9-6yg5
Aliases:
CVE-2018-1327
GHSA-38cr-2ph5-frr9

The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from the Apache Struts 2.5.16.

2.5.16
Affected by 4 other vulnerabilities.

VCID-t1v1-vm43-sfhg
Aliases:
CVE-2017-9805
GHSA-gg9m-fj3v-r58c

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

2.3.34
Affected by 6 other vulnerabilities.

2.5.13
Affected by 6 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:56:45.762725+00:00	GHSA Importer	Affected by	VCID-t1v1-vm43-sfhg	https://github.com/advisories/GHSA-gg9m-fj3v-r58c	38.0.0
2026-04-01T15:56:45.312424+00:00	GHSA Importer	Affected by	VCID-bgbt-j1n9-6yg5	https://github.com/advisories/GHSA-38cr-2ph5-frr9	38.0.0
2026-04-01T12:48:02.388101+00:00	GitLab Importer	Affected by	VCID-t1v1-vm43-sfhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2017-9805.yml	38.0.0
2026-04-01T12:47:38.077901+00:00	GitLab Importer	Affected by	VCID-bgbt-j1n9-6yg5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2018-1327.yml	38.0.0