19494718865f2fb7da5ea363de3822f87fbda264 | Vulnerability History Project

The Vulnerability History Project

Allows define allowed classes per action

by Randy the Sloth 2017-08-21 11:17:31 UTC

commit 19494718865f2fb7da5ea363de3822f87fbda264

Struts Fix overtrusting xml handler CVE-2017-9805

plugins/rest/src/main/java/org/apache/struts2/rest/handler/AllowedClassNames.java

-26

plugins/rest/src/main/java/org/apache/struts2/rest/handler/AllowedClasses.java

-26

plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java

+3 -78

plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamPermissionProvider.java

-28

expand_less