{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14502?format=json","vulnerability_id":"VCID-ws2y-bbks-5kb1","summary":"Code execution in Apache Struts 1 plugin\nThe Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.","aliases":[{"alias":"CVE-2017-9791"},{"alias":"GHSA-29rm-6752-gvwv"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/223409?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/223410?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/223411?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/223412?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/223413?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/223414?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223415?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/223416?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/223417?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/223418?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/223419?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/223420?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/223421?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223422?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223423?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223424?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/223425?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223426?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223427?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223428?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/223429?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/223430?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/223431?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223432?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/223433?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/223434?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.12"},{"url":"http://public2.vulnerablecode.io/api/packages/223435?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14"},{"url":"http://public2.vulnerablecode.io/api/packages/223436?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223437?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/223438?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.14.3"},{"url":"http://public2.vulnerablecode.io/api/packages/223439?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/223440?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223441?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.2"},{"url":"http://public2.vulnerablecode.io/api/packages/223442?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.15.3"},{"url":"http://public2.vulnerablecode.io/api/packages/223443?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16"},{"url":"http://public2.vulnerablecode.io/api/packages/223444?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223445?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.2"},{"url":"http://public2.vulnerablecode.io/api/packages/223446?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.16.3"},{"url":"http://public2.vulnerablecode.io/api/packages/223447?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20"},{"url":"http://public2.vulnerablecode.io/api/packages/223448?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223449?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.20.3"},{"url":"http://public2.vulnerablecode.io/api/packages/223450?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24"},{"url":"http://public2.vulnerablecode.io/api/packages/223451?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223452?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.24.3"},{"url":"http://public2.vulnerablecode.io/api/packages/223453?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28"},{"url":"http://public2.vulnerablecode.io/api/packages/223454?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.28.1"},{"url":"http://public2.vulnerablecode.io/api/packages/223455?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.29"},{"url":"http://public2.vulnerablecode.io/api/packages/223456?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.30"},{"url":"http://public2.vulnerablecode.io/api/packages/223457?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.31"},{"url":"http://public2.vulnerablecode.io/api/packages/223458?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.32"},{"url":"http://public2.vulnerablecode.io/api/packages/223459?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.33"},{"url":"http://public2.vulnerablecode.io/api/packages/223460?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.34"},{"url":"http://public2.vulnerablecode.io/api/packages/223461?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.35"},{"url":"http://public2.vulnerablecode.io/api/packages/223462?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.36"},{"url":"http://public2.vulnerablecode.io/api/packages/50892?format=json","purl":"pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-79j9-v8gz-rfax"},{"vulnerability":"VCID-gfxq-vtry-bqgg"},{"vulnerability":"VCID-hgj2-vqzn-gyeb"},{"vulnerability":"VCID-hpm1-euf1-vff1"},{"vulnerability":"VCID-ws2y-bbks-5kb1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.struts/struts2-struts1-plugin@2.3.37"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9791.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9791.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9791","reference_id":"","reference_type":"","scores":[{"value":"0.94077","scoring_system":"epss","scoring_elements":"0.99907","published_at":"2026-05-09T12:55:00Z"},{"value":"0.94127","scoring_system":"epss","scoring_elements":"0.99914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.94127","scoring_system":"epss","scoring_elements":"0.99915","published_at":"2026-04-29T12:55:00Z"},{"value":"0.94239","scoring_system":"epss","scoring_elements":"0.99927","published_at":"2026-04-02T12:55:00Z"},{"value":"0.94239","scoring_system":"epss","scoring_elements":"0.99929","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94239","scoring_system":"epss","scoring_elements":"0.99928","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9791"},{"reference_url":"https://github.com/apache/struts/commit/ffe0e20edd9d5386f4410fddd970286a69373243","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/struts/commit/ffe0e20edd9d5386f4410fddd970286a69373243"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180706-0002","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20180706-0002"},{"reference_url":"http://struts.apache.org/docs/s2-048.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/"}],"url":"http://struts.apache.org/docs/s2-048.html"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9791","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9791"},{"reference_url":"https://www.exploit-db.com/exploits/42324","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/42324"},{"reference_url":"https://www.exploit-db.com/exploits/44643","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/44643"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html"},{"reference_url":"http://www.securityfocus.com/bid/99484","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/"}],"url":"http://www.securityfocus.com/bid/99484"},{"reference_url":"http://www.securitytracker.com/id/1038838","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/"}],"url":"http://www.securitytracker.com/id/1038838"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1469265","reference_id":"1469265","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1469265"},{"reference_url":"https://www.exploit-db.com/exploits/42324/","reference_id":"42324","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/"}],"url":"https://www.exploit-db.com/exploits/42324/"},{"reference_url":"https://www.exploit-db.com/exploits/44643/","reference_id":"44643","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-06T21:07:10Z/"}],"url":"https://www.exploit-db.com/exploits/44643/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44643.rb","reference_id":"CVE-2017-9791","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44643.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9791","reference_id":"CVE-2017-9791","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9791"},{"reference_url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/6ec0272ff5ca38c222d68febab4d154c5f96fd3f/modules/exploits/multi/http/struts2_code_exec_showcase.rb","reference_id":"CVE-2017-9791","reference_type":"exploit","scores":[],"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/6ec0272ff5ca38c222d68febab4d154c5f96fd3f/modules/exploits/multi/http/struts2_code_exec_showcase.rb"},{"reference_url":"https://github.com/nixawk/labs/blob/943764ccb3b36a419729062f23972fd0d726bd24/CVE-2017-9791/exploit_S2-048.py","reference_id":"CVE-2017-9791;S2-048","reference_type":"exploit","scores":[],"url":"https://github.com/nixawk/labs/blob/943764ccb3b36a419729062f23972fd0d726bd24/CVE-2017-9791/exploit_S2-048.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/42324.py","reference_id":"CVE-2017-9791;S2-048","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/42324.py"},{"reference_url":"https://github.com/advisories/GHSA-29rm-6752-gvwv","reference_id":"GHSA-29rm-6752-gvwv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-29rm-6752-gvwv"}],"weaknesses":[{"cwe_id":20,"name":"Improper Input Validation","description":"The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[{"date_added":"2017-07-14","description":"Apache Struts 2.3.x Showcase - Remote Code Execution","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2017-07-07","exploit_type":"webapps","platform":"multiple","source_date_updated":"2018-05-17","data_source":"Exploit-DB","source_url":"https://github.com/nixawk/labs/blob/943764ccb3b36a419729062f23972fd0d726bd24/CVE-2017-9791/exploit_S2-048.py"},{"date_added":"2022-02-10","description":"The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.","required_action":"Apply updates per vendor instructions.","due_date":"2022-08-10","notes":"https://nvd.nist.gov/vuln/detail/CVE-2017-9791","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":null,"source_date_updated":null,"data_source":"KEV","source_url":null},{"date_added":null,"description":"This module exploits a remote code execution vulnerability in the Struts Showcase app in the Struts 1 plugin example in Struts 2.3.x series. Remote Code Execution can be performed via a malicious field value.","required_action":null,"due_date":null,"notes":"Reliability:\n  - unknown-reliability\nStability:\n  - unknown-stability\nSideEffects:\n  - unknown-side-effects\n","known_ransomware_campaign_use":false,"source_date_published":"2017-07-07","exploit_type":null,"platform":"Linux,Unix,Windows","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/struts2_code_exec_showcase.rb"}],"severity_range_score":"8.1 - 10.0","exploitability":"2.0","weighted_severity":"9.0","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ws2y-bbks-5kb1"}