From 448698863a67be6e00a1aa5fb115d0becdfa5178 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
 <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 7 Feb 2025 17:43:51 +0000
Subject: [PATCH] Publish GHSA-gg9m-fj3v-r58c

---
 .../2018/10/GHSA-gg9m-fj3v-r58c/GHSA-gg9m-fj3v-r58c.json    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/advisories/github-reviewed/2018/10/GHSA-gg9m-fj3v-r58c/GHSA-gg9m-fj3v-r58c.json b/advisories/github-reviewed/2018/10/GHSA-gg9m-fj3v-r58c/GHSA-gg9m-fj3v-r58c.json
index e63145d497c..ef18a41854b 100644
--- a/advisories/github-reviewed/2018/10/GHSA-gg9m-fj3v-r58c/GHSA-gg9m-fj3v-r58c.json
+++ b/advisories/github-reviewed/2018/10/GHSA-gg9m-fj3v-r58c/GHSA-gg9m-fj3v-r58c.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gg9m-fj3v-r58c",
-  "modified": "2024-07-25T20:17:38Z",
+  "modified": "2025-02-07T17:42:07Z",
   "published": "2018-10-16T19:37:56Z",
   "aliases": [
     "CVE-2017-9805"
   ],
   "summary": "REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering",
-  "details": "The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",
+  "details": "The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "2.1.2"
+              "introduced": "2.1.1"
             },
             {
               "fixed": "2.3.34"