Published on December 7, 2023 and since updated, this security advisory concerns a critical vulnerability in Apache Struts, CVE-2023-50164. The flaw is a directory traversal vulnerability in the file upload component: an attacker who can manipulate the file upload parameters may write an uploaded file outside the intended directory, which can lead to Remote Code Execution (RCE).
An attacker can abuse the flaw to perform path traversal and then upload a malicious file. A successful exploit grants unauthorized remote access, posing a significant security risk to affected systems.
Affected Software and Recommended Fixes:
maven/org.apache.struts:struts2-core
Versions >= 6.0.0 and < 6.3.0.2 are affected. Users are advised to upgrade to version 6.3.0.2 to mitigate the vulnerability.
Versions >= 2.5-BETA1 and < 2.5.33 are affected. Upgrading to version 2.5.33 is recommended to address this critical issue.
Users are strongly urged to upgrade immediately to Struts 2.5.33 or Struts 6.3.0.2, or a later version, to prevent exploitation of this vulnerability.
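The two version ranges above can be checked mechanically. The following is an added example (not part of the advisory or of the Struts project) that audits a pom.xml for struts2-core and reports whether the pinned version falls inside either affected range; it assumes Struts version strings are dotted numerics with an optional -QUALIFIER suffix such as -BETA1, and the sample pom is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Affected ranges taken from the advisory, as (first affected, first fixed).
AFFECTED_RANGES = [("6.0.0", "6.3.0.2"), ("2.5-BETA1", "2.5.33")]

def parse_version(v):
    """Turn '6.3.0.2' or '2.5-BETA1' into a comparable tuple. Assumption: dotted
    numerics plus an optional -QUALIFIER; a pre-release sorts below its final release."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-([A-Za-z]+)(\d*))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))            # pad so 2.5 compares as 2.5.0.0
    qual = (0, m.group(2).upper(), int(m.group(3) or 0)) if m.group(2) else (1, "", 0)
    return (tuple(nums), qual)

def is_affected(version):
    """Return the version to upgrade to if `version` is vulnerable, else None."""
    pv = parse_version(version)
    for first_bad, fixed in AFFECTED_RANGES:
        if parse_version(first_bad) <= pv < parse_version(fixed):
            return fixed
    return None

_local = lambda tag: tag.rsplit("}", 1)[-1]  # drop the Maven XML namespace

def audit_pom(pom_xml):
    """List every struts2-core dependency in a pom.xml with a status string."""
    findings = []
    for dep in ET.fromstring(pom_xml).iter():
        if _local(dep.tag) != "dependency":
            continue
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) != ("org.apache.struts", "struts2-core"):
            continue
        ver = f.get("version", "")
        if not ver or ver.startswith("${"):   # property-driven version: resolve by hand
            findings.append((ver, "unresolved version, check effective pom"))
            continue
        fixed = is_affected(ver)
        findings.append((ver, f"vulnerable, upgrade to {fixed}" if fixed else "not affected"))
    return findings

# Constructed sample pom.xml pinned to a version just below the fix.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.apache.struts</groupId><artifactId>struts2-core</artifactId>
  <version>6.3.0.1</version></dependency></dependencies></project>"""
```

Run `audit_pom` over each module's effective pom (`mvn help:effective-pom`) so property-driven versions are resolved before the check.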
For further insights and details: