CVE-2017-9791: Code execution in Apache Struts 1 plugin
(updated )
The Struts 1 plugin used with Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.
References
- github.com/advisories/GHSA-29rm-6752-gvwv
- github.com/apache/struts/commit/ffe0e20edd9d5386f4410fddd970286a69373243
- nvd.nist.gov/vuln/detail/CVE-2017-9791
- security.netapp.com/advisory/ntap-20180706-0002
- www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-9791
- www.exploit-db.com/exploits/42324
- www.exploit-db.com/exploits/44643
Code Behaviors & Features
Detect and mitigate CVE-2017-9791 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →