CVE-2023-50164

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-50164

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50164.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50164

Aliases

GHSA-2j39-qcjm-428w

Published

2023-12-07T09:15:07.060Z

Modified

2026-02-24T01:48:09.418476Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

References

Affected packages

Git / github.com/apache/struts

Affected ranges

Type: GIT
Repo: https://github.com/apache/struts
Events: Introduced

2c0a197cea8fdc7d8cda5eeaa15a1c76507ac0a5

Fixed

ca8d57c538136983a0180ac508ebcfabaf73f839

Introduced

68fb49c10e083dce829476778eec726fc90c8c38

Fixed

ad95ab30f284e919d6560cbc396926f43bf8d32b

Affected versions

Other

STRUTS_6_0_0

STRUTS_6_0_1

STRUTS_6_0_2

STRUTS_6_0_3

STRUTS_6_1_0

STRUTS_6_1_1

STRUTS_6_2_0

STRUTS_6_3_0

STRUTS_6_3_0_1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50164.json"