CVE-2017-9791

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-9791

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9791.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-9791

Aliases

GHSA-29rm-6752-gvwv

Published

2017-07-10T16:29:00.277Z

Modified

2025-11-14T05:22:36.495185Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type: GIT
Repo: https://github.com/apache/struts
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0320310406f6b11cfd235d7a9b866cf1de483a1e

Last affected

0ac8932aa3a1b28a8f950863c17165cdc63b1474

Last affected

183be6b2986755eeac9b86eed9138304a30ff45e

Last affected

1ed29d508fc0a3762ad7d16336a71adcf69bd88d

Last affected

28297863aee4d747638ce5b6f22262ac6a118ae0

Last affected

2cf0a7efeb12c8f476e31324dc56456b340ddeab

Last affected

3565f4d4f5c4c85a1ffab9e6169c86527aa6f4c7

Last affected

36b6fff05cd4a17f75b091c0edd52e0c1e65ec06

Last affected

402374de33146e1c0401a247e0779e290cb0c078

Last affected

4b5f5619ddeda22f7f358431f604df580f1e61a1

Last affected

5c61c9a5752109a00ccdadbce3d4adb681f82c9a

Last affected

6246b8e12eb5abee95916b948a7a97e4d736f10b

Last affected

676a011b4f4d211e167465f3ffb03894c8f60334

Last affected

6cddee6fc539429544b28a96361a8af7a0691108

Last affected

7a9863169f7d981be0d2d57437974ae2cc0c8bd3

Last affected

7d7d3fc42b013f0983a16473b10ed24efb988e0e

Last affected

7dd83dff485d324980f3d22c726cfd969ecf41f8

Last affected

8931ac19ea504a167f4d0c8e57ccc8f7f09f4135

Last affected

925741ad1e8e48c7a6d687fe02d3fdb6386eb64c

Last affected

9df00b0a864fac2e763b7c26ba99af057202f0f3

Last affected

a72c1f4262a57bfe2819c6def81620d02d7867fb

Last affected

a9974eec5689a7113a6fb1e2096252f0935064dd

Last affected

b2fe62824eebd213625d23378b5307dcb1b82c77

Last affected

bb22c585b5b52967fab033dba02cd244cd5b5b7a

Last affected

bbbf43ec59e7bef3b07e9065dc9784c18a95d58b

Last affected

bc6094eece7dfa65e7439cd018d58e85c5d41e47

Last affected

de90290354a1c6c819687305e053232bc8a4a697

Last affected

e03ff728618f5bf551083fc3a52d43c07434bbc9

Last affected

e5009a34202777b53c5dc36e020d0033aa8be027

Last affected

f0c159d871ee741e0cc74fe858cc7be79841078c

Last affected

f15f28a1766fe991de85c8cd089b102f77915319

Last affected

fc3df96990bafdecc6f3a89cf7a4dcf15066c687

Last affected

fd206c1386cc113e3f5b52fbc5b2f15a458b31b4

Affected versions

Other

STRUTS_2_2_1

STRUTS_2_3_14

STRUTS_2_3_16_1

STRUTS_2_3_16_2

STRUTS_2_3_16_3

STRUTS_2_3_17

STRUTS_2_3_19

STRUTS_2_3_20

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9791.json"