CVE-2023-50164
CVSS v3.1
9.8 (Critical)
EPSS
9.04 % (95th)
Affected Products
1
Advisories
2
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Weaknesses
- CWE-552
- Files or Directories Accessible to External Parties
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2023-12-07 09:15:07
(9 months ago) - Updated Date
-
2023-12-20 17:58:26
(9 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...