Critical severityNVD Advisory· Published Dec 7, 2023· Updated Mar 14, 2025
Apache Struts: File upload component had a directory traversal vulnerability
CVE-2023-50164
Description
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.struts:struts2-coreMaven | >= 2.0.0, < 2.5.33 | 2.5.33 |
org.apache.struts:struts2-coreMaven | >= 6.0.0, < 6.3.0.2 | 6.3.0.2 |
Affected products
2Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-2j39-qcjm-428wghsaADVISORY
- lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhjghsavendor-advisorymailing-listWEB
- nvd.nist.gov/vuln/detail/CVE-2023-50164ghsaADVISORY
- packetstormsecurity.com/files/176157/Struts-S2-066-File-Upload-Remote-Code-Execution.htmlghsaWEB
- www.openwall.com/lists/oss-security/2023/12/07/1ghsaWEB
- cwiki.apache.org/confluence/display/WW/S2-066ghsaWEB
- github.com/apache/struts/commit/162e29fee9136f4bfd9b2376da2cbf590f9ea163ghsaWEB
- github.com/apache/struts/commit/d8c69691ef1d15e76a5f4fcf33039316da2340b6ghsaWEB
- security.netapp.com/advisory/ntap-20231214-0010ghsaWEB
- www.openwall.com/lists/oss-security/2023/12/07/1ghsaWEB
- security.netapp.com/advisory/ntap-20231214-0010/mitre
News mentions
0No linked articles in our index yet.