...
Who should read this | All Struts 2 developers and users |
---|---|
Impact of vulnerability | Denial of Service |
Maximum security rating | Important |
Recommendation | Upgrade to Struts 2.5.31 or 6.1.2.1 or greater |
Affected Software | Struts 2.0.0 - Struts 6.1.2 |
Reporters | Matthew McClain |
CVE Identifier | CVE-2023-34396 |
...
Solution
Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Backward compatibility
No issues expected when upgrading to Struts 2.5.31 or 6.1.2.1.
Workaround
Set struts.multipart.maxSize to a value much much smaller than the available memory.
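
To check a deployment against this workaround, the following added example (not part of the Apache advisory) reads struts.multipart.maxSize from struts.xml and struts.properties text and rates each value against available memory. The 1% threshold, the sample file contents and the 2 GiB heap figure are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

KEY = "struts.multipart.maxSize"

def from_struts_xml(text):
    """Value of <constant name=KEY .../> in struts.xml text, or None if absent."""
    for const in ET.fromstring(text.strip()).iter("constant"):
        if const.get("name") == KEY:
            return const.get("value")
    return None

def from_properties(text):
    """Value of KEY in struts.properties text (last assignment wins), or None."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == KEY:
            value = m.group(2).strip()
    return value

def classify(raw, memory_bytes, max_fraction=0.01):
    """Rate one configured value against available memory.
    max_fraction is an assumed local policy, not a figure from the advisory."""
    if raw is None:
        return "UNSET"                       # not set in this file
    if not re.fullmatch(r"\d+", raw.strip()) or int(raw) == 0:
        return "INVALID"                     # not a positive byte count
    return "OK" if int(raw) <= memory_bytes * max_fraction else "TOO_LARGE"

# Constructed sample inputs (not taken from any real deployment).
SAMPLE_XML = """
<!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
  "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
  <constant name="struts.devMode" value="false"/>
  <constant name="struts.multipart.maxSize" value="1073741824"/>
</struts>
"""
SAMPLE_PROPS = "# constructed sample\nstruts.multipart.maxSize = 2097152\n"
HEAP_BYTES = 2 * 1024 ** 3                   # assumed 2 GiB JVM heap

if __name__ == "__main__":
    for name, raw in (("struts.xml", from_struts_xml(SAMPLE_XML)),
                      ("struts.properties", from_properties(SAMPLE_PROPS))):
        print(f"{name}: {KEY}={raw} -> {classify(raw, HEAP_BYTES)}")
```

A result of `TOO_LARGE` or `INVALID` means the value does not meet the workaround; the upgrade remains the fix.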