
Summary

DoS via OOM owing to list bounds not being properly checked.

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Denial of Service

Maximum security rating

Important

Recommendation

Upgrade to Struts 2.5.30.1 or 6.1.2.1 or greater

Affected Software

Struts 2.0.0 - Struts 6.1.2

Reporters

Matthew McClain

CVE Identifier

CVE-2023-34149

Problem

WW-4620 added autoGrowCollectionLimit to XWorkListPropertyAccessor, but it only handles setProperty() and not getProperty().
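
The gap described above, shown as a simplified model that is added here for illustration and is not Struts source code: the write path honours a growth limit while the read path pads the list without one. The class name, method names, the limit value of 255 and the sample index are assumptions made for the demo.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of an auto-growing list accessor (hypothetical names, not Struts code).
public class AutoGrowDemo {
    static final int AUTO_GROW_LIMIT = 255; // assumed limit for this demo

    // Write path: the limit is enforced before the list is padded.
    static boolean setElement(List<Object> list, int index, Object value) {
        if (index < 0 || index > AUTO_GROW_LIMIT) {
            return false; // out-of-range write is ignored
        }
        while (list.size() <= index) {
            list.add(null);
        }
        list.set(index, value);
        return true;
    }

    // Read path without the limit: a read of a missing index pads the list up to it.
    static Object getElementUnbounded(List<Object> list, int index) {
        if (index < 0) {
            return null;
        }
        while (list.size() <= index) {
            list.add(null); // memory use grows with the requested index
        }
        return list.get(index);
    }

    // Read path with the same bound as the write path.
    static Object getElementBounded(List<Object> list, int index) {
        if (index < 0 || index > AUTO_GROW_LIMIT) {
            return null; // refuse to grow past the limit
        }
        while (list.size() <= index) {
            list.add(null);
        }
        return list.get(index);
    }

    public static void main(String[] args) {
        int requested = 10_000; // constructed sample index, kept small so the demo is safe to run
        List<Object> a = new ArrayList<>();
        List<Object> b = new ArrayList<>();
        System.out.println("set accepted: " + setElement(new ArrayList<>(), requested, "x"));
        getElementUnbounded(a, requested);
        getElementBounded(b, requested);
        System.out.println("unbounded get grew list to " + a.size());
        System.out.println("bounded get left list at " + b.size());
    }
}
```

In this model the write is rejected and the bounded read leaves the list empty, while the unbounded read grows the list to 10,001 entries for a single lookup.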

Solution

Upgrade to Struts 2.5.30.1 or 6.1.2.1 or greater.

Backward compatibility

No issues expected when upgrading to Struts 2.5.30.1

Workaround

N/A
