An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-12-07T08:49:19.853Z

Updated: 2024-12-17T04:56:05.065Z

Reserved: 2023-12-04T08:37:57.468Z

Link: CVE-2023-50164

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-07T09:15:07.060

Modified: 2024-11-21T08:36:35.520

Link: CVE-2023-50164

cve-icon Redhat

Severity : Critical

Publid Date: 2023-12-07T00:00:00Z

Links: CVE-2023-50164 - Bugzilla