org.apache.struts:struts2-rest-plugin (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.apache.struts:struts2-rest-plugin, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2013-4316 — CVSS 10.0 (critical): Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
CVE-2016-4438 — CVSS 9.8 (critical): The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
CVE-2017-9793 — CVSS 7.5 (high): The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 is using an outdated XStream library which is…
CVE-2018-1327 — CVSS 7.5 (high): The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request…
CVE-2017-15707 — CVSS 6.2 (medium): In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack…