An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-12-07T08:49:19.853Z
Updated: 2024-12-17T04:56:05.065Z
Reserved: 2023-12-04T08:37:57.468Z
Link: CVE-2023-50164
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-07T09:15:07.060
Modified: 2024-11-21T08:36:35.520
Link: CVE-2023-50164
Redhat