CVE-2023-50164

CVSS v3.1 9.8 (Critical)
EPSS 9.04 % (95th)

An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform Remote Code Execution.
Users are advised to upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater to fix this issue.

Weaknesses: CWE-552 (Files or Directories Accessible to External Parties)
CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2023-12-07 09:15:07
Updated Date: 2023-12-20 17:58:26

Affected Products


Configuration #1

  Product                                                        CPE23                      From        Up To
  Apache Struts from version 2.0.0 and prior to version 2.5.33   cpe:2.3:a:apache:struts    >= 2.0.0    < 2.5.33
  Apache Struts from version 6.0.0 and prior to version 6.3.0.2  cpe:2.3:a:apache:struts    >= 6.0.0    < 6.3.0.2