CVE-2023-50164

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 7, 2023

Updated: Dec 20, 2023

CWE ID 552

Summary

CVE-2023-50164 is a newly identified vulnerability in Apache Struts that allows an attacker to manipulate file upload parameters. By exploiting this issue, an adversary can perform paths traversal and potentially upload malicious files. In some cases, this can lead to Remote Code Execution. To mitigate this risk, users are advised to upgrade to the latest versions of Struts 2.5.33 or Struts 6.3.0.2 or higher.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Software Foundation Struts
Apache Struts
Apache Struts 2.2

Affected Vendors

Apache Software Foundation
Apache Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/trWlER
https://www.cve.org/CVERecord?id=CVE-2023-50164
https://nvd.nist.gov/vuln/detail/CVE-2023-50164

Back to Vulnerability Database