Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Published

2023-12-07T09:15:07.060

Last Modified

2025-02-13T18:15:49.103

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
CWE-552

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	struts	< 2.5.33	Yes
Application	apache	struts	< 6.3.0.2	Yes

References

http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html Third Party Advisory, VDB Entry ([email protected])
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj Mailing List, Patch ([email protected])
https://security.netapp.com/advisory/ntap-20231214-0010/ Third Party Advisory, VDB Entry ([email protected])
https://www.openwall.com/lists/oss-security/2023/12/07/1 Mailing List ([email protected])
http://packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231214-0010/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/12/07/1 Mailing List (af854a3a-2127-422b-91ae-364da2661108)