High severityNVD Advisory· Published Dec 5, 2023· Updated Nov 4, 2025
Apache Struts: excessive disk usage
CVE-2023-41835
Description
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.struts:struts2-coreMaven | >= 6.2.0, < 6.3.0.1 | 6.3.0.1 |
org.apache.struts:struts2-coreMaven | >= 6.0.0, < 6.1.2.2 | 6.1.2.2 |
org.apache.struts:struts2-coreMaven | < 2.5.32 | 2.5.32 |
Affected products
2Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-729q-fcgp-r5xhghsaADVISORY
- lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ftghsamailing-listvendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-41835ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/12/09/1ghsaWEB
- github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2aghsaWEB
- github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7ghsaWEB
- github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711ghsaWEB
- security.netapp.com/advisory/ntap-20231013-0001ghsaWEB
- www.openwall.com/lists/oss-security/2023/12/09/1ghsaWEB
News mentions
0No linked articles in our index yet.