Date: Thu, 07 Dec 2023 07:38:54 +0000
From: Lukasz Lenart <>
Subject: CVE-2023-50164: Apache Struts: File upload component had a
 directory traversal vulnerability 

Severity: critical

Affected versions:

- Apache Struts 2.0.0 through 2.5.32
- Apache Struts 6.0.0 through


An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or  Struts or greater to fix this issue.


Steven Seeley (reporter)
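
An added example, not part of the advisory and not Apache Struts code: a defence-in-depth check an application can apply at the point where it writes an uploaded file, so that a client-supplied file name containing traversal sequences cannot place the file outside the upload directory. It does not replace the upgrade recommended above. The class name `UploadPathCheck`, the method `resolveUpload`, the `uploads` directory and the sample file names are hypothetical and constructed for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

public class UploadPathCheck {

    /**
     * Maps a client-supplied upload file name to a path inside uploadDir.
     * Throws IllegalArgumentException if the name is unusable or the
     * resulting path would fall outside uploadDir.
     */
    static Path resolveUpload(Path uploadDir, String clientName) {
        if (clientName == null) {
            throw new IllegalArgumentException("missing file name");
        }
        // Treat '/' and '\' as separators regardless of the host OS,
        // then keep only the final path component.
        String unified = clientName.replace('\\', '/');
        String base = unified.substring(unified.lastIndexOf('/') + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..")
                || base.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("rejected file name");
        }
        Path root = uploadDir.toAbsolutePath().normalize();
        Path target = root.resolve(base).normalize();
        // Containment check: the final path must be strictly below root.
        if (!target.startsWith(root) || target.equals(root)) {
            throw new IllegalArgumentException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("uploads"); // hypothetical upload directory
        // Constructed sample names, not taken from the advisory.
        List<String> names = List.of(
                "report.pdf", "../../outside.txt", "..\\..\\outside.txt", "..", "");
        for (String name : names) {
            try {
                System.out.println("[" + name + "] -> " + resolveUpload(dir, name));
            } catch (IllegalArgumentException e) {
                System.out.println("[" + name + "] -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Names that carry directory components are reduced to their last component before being resolved, and the containment check on the normalized path is what enforces the boundary if that reduction is ever bypassed.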

