GHSA-vwxj-6m5m-rrvh

GitHub Security Advisory

The REST Plugin in Apache Struts is using an outdated XStream library

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library that is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted XML payload.

Affected Packages

Maven org.apache.struts:struts2-rest-plugin
Affected versions: 0 (fixed in 2.3.34)
Maven org.apache.struts:struts2-rest-plugin
Affected versions: 2.5.0 (fixed in 2.5.13)

Key Information

GHSA ID: GHSA-vwxj-6m5m-rrvh
Published: October 16, 2018 7:37 PM
Last Modified: April 26, 2022 7:02 PM
CVSS Score: 7.5/10
Primary Ecosystem: Maven
Primary Package: org.apache.struts:struts2-rest-plugin
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 20, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.