VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-rest-plugin@2.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-492x-u9pr-auen Aliases: CVE-2017-9793 GHSA-vwxj-6m5m-rrvh	DoS attack via crafted XML payload processed by REST Plugin using XStream library The REST Plugin in this package is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.	2.5.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-fy9j-w7r2-sugr Aliases: CVE-2017-15707 GHSA-xcrm-qpp8-hcw4	DoS vulnerability The REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.	2.5.14.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.5.16 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-t1v1-vm43-sfhg Aliases: CVE-2017-9805 GHSA-gg9m-fj3v-r58c	The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.	2.5.13 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-492x-u9pr-auen
Aliases:
CVE-2017-9793
GHSA-vwxj-6m5m-rrvh

DoS attack via crafted XML payload processed by REST Plugin using XStream library The REST Plugin in this package is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted XML payload.

2.5.13
Affected by 6 other vulnerabilities.

VCID-fy9j-w7r2-sugr
Aliases:
CVE-2017-15707
GHSA-xcrm-qpp8-hcw4

DoS vulnerability The REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

2.5.14.1
Affected by 5 other vulnerabilities.

2.5.16
Affected by 4 other vulnerabilities.

VCID-t1v1-vm43-sfhg
Aliases:
CVE-2017-9805
GHSA-gg9m-fj3v-r58c

The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.

2.5.13
Affected by 6 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:56:45.719857+00:00	GHSA Importer	Affected by	VCID-t1v1-vm43-sfhg	https://github.com/advisories/GHSA-gg9m-fj3v-r58c	38.0.0
2026-04-01T15:56:45.597209+00:00	GHSA Importer	Affected by	VCID-492x-u9pr-auen	https://github.com/advisories/GHSA-vwxj-6m5m-rrvh	38.0.0
2026-04-01T15:56:45.419464+00:00	GHSA Importer	Affected by	VCID-fy9j-w7r2-sugr	https://github.com/advisories/GHSA-xcrm-qpp8-hcw4	38.0.0
2026-04-01T12:48:02.390388+00:00	GitLab Importer	Affected by	VCID-t1v1-vm43-sfhg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2017-9805.yml	38.0.0