VYPR
High severityNVD Advisory· Published Jun 14, 2023· Updated Feb 13, 2025

Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms

CVE-2023-34396

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.struts:struts2-coreMaven
< 2.5.312.5.31
org.apache.struts:struts2-coreMaven
>= 6.0.0, < 6.1.2.16.1.2.1
org.apache.struts:struts-coreMaven
<= 1.3.10
struts:strutsMaven
<= 1.2.9

Affected products

4

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.