PT-2023-7502 · Apache · Apache Struts

Steven Seeley · Published 2023-12-03 · Updated 2025-11-11 · CVE-2023-50164

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Apache Struts versions 2.0.0 through 2.5.32
Apache Struts versions 6.0.0 through 6.3.0.1

Description

A critical vulnerability has been identified in Apache Struts, allowing attackers to manipulate file upload parameters and enable path traversal, potentially leading to remote code execution. This issue is related to the file upload component of Apache Struts, which contains a directory traversal vulnerability. The vulnerability can be exploited by manipulating the uploadFileName parameter, allowing attackers to upload malicious files to arbitrary locations on the server.

Recommendations

To resolve the issue, upgrade to Apache Struts version 2.5.33 or later, or version 6.3.0.2 or later. As a temporary workaround, consider restricting access to the file upload functionality to minimize the risk of exploitation. Additionally, restrict access to the vulnerable uploadFileName parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

RCE

Files Accessible to External Parties

Path traversal


Weakness Enumeration

Related identifiers

BDU:2023-08547
CVE-2023-50164
GHSA-2J39-QCJM-428W

Affected products

Apache Struts