Apache Struts CVE-2017-9805 Code Injection Vulnerability
Description
The REST Plugin is using aXStreamHandlerwith an instance of XStream for deserialization without any type filtering and this can lead to Remote Code Executionwhen deserializing XML payloads.
Affected Applications
Apache Struts