Org.apache.struts:struts2-rest-plugin
This hub aggregates every CVE we track for Org.apache.struts:struts2-rest-plugin, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
2
Critical
3
High
1
In CISA KEV
Severity distribution
HIGH3CRITICAL2MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Org.apache.struts:struts2-rest-plugin.
- CVE-2018-1327The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache St...7.5
- CVE-2017-15707In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.6.2
- CVE-2017-9793The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is vulnerable and allow perform a DoS attack using malicious request w...7.5
- CVE-2017-9805The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which c...KEV8.1
- CVE-2016-4438The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.9.8
- CVE-2013-4316Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.10.0
Product normalization is registry-driven with AI assist and human review. How it works