Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Remote Code Execution

Maximum security rating

critical

Recommendation

Upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater

Affected Software

Struts 2.5.0 - Struts 2.5.32, Struts 6.0.0 - Struts 6.3.0

Reporters

Steven Seeley

CVE Identifier

TBDCVE-2023-50164

Problem

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

...