0.975 High
EPSS
Percentile
100.0%
The REST Plugin in Apache Struts2 is using a XStreamHandler with an instance of XStream for deserialization without any type filtering which could lead to Remote Code Execution when deserializing XML payloads. An attacker could use this flaw to execute arbitrary code or conduct further attacks.
0.975 High
EPSS
Percentile
100.0%