...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | An RCE attack is possible because of a vulnerability in the XStream library when using the Struts REST plugin with XStream handler to deserialise XML requests |
Maximum security rating | Critical |
Recommendation | Upgrade to Struts 2.5.13 |
Affected Software | Struts 2.3.7 - Struts 2.3.33, Struts 2.5 - Struts 2.5.12 |
Reporter | Man Yue Mo <mmo at semmle dot com> |
CVE Identifier | CVE-2017-97939805 |

Problem
The REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, and this can lead to Remote Code Execution when deserializing XML payloads.
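
To show what "type filtering" means for an XStream instance, the following added example (not code from Struts or from this bulletin) contrasts an instance that accepts any type named in the XML with one restricted to an allowlist. The `Order` and `Unexpected` classes and the sample XML are constructed for illustration, and the XStream library is assumed to be on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.StaxDriver;
import com.thoughtworks.xstream.security.AnyTypePermission;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamTypeFilterDemo {
    // Hypothetical DTO that the endpoint is meant to accept.
    public static class Order { public String id; public int quantity; }
    // Hypothetical stand-in for any class the endpoint never meant to instantiate.
    public static class Unexpected { public String note; }

    // The condition described in the Problem statement: no type filtering,
    // so the XML document decides which class gets instantiated.
    static XStream unfiltered() {
        XStream xs = new XStream(new StaxDriver());
        xs.addPermission(AnyTypePermission.ANY);
        return xs;
    }

    // Deny every type first, then allow only what the endpoint expects.
    static XStream allowlisted() {
        XStream xs = new XStream(new StaxDriver());
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { Order.class, String.class });
        xs.alias("order", Order.class);
        return xs;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second is produced locally by serialising
        // a harmless object whose type is not on the allowlist.
        String expected = "<order><id>A-1</id><quantity>2</quantity></order>";
        Unexpected u = new Unexpected();
        u.note = "constructed";
        String unexpected = unfiltered().toXML(u);

        Order o = (Order) allowlisted().fromXML(expected);
        System.out.println("allowlisted accepted order " + o.id);
        System.out.println("unfiltered instantiated "
                + unfiltered().fromXML(unexpected).getClass().getName());
        try {
            allowlisted().fromXML(unexpected);
        } catch (ForbiddenClassException e) {
            // The type is rejected before any object of that class is built.
            System.out.println("allowlisted rejected " + e.getMessage());
        }
    }
}
```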
...