Apache Fixes Critical Struts Flaw
Malware Analysis, News and Indicators - Latest topics malware.news
There is a critical vulnerability in several versions of the Apache Struts framework that can allow an attacker to upload a malicious file and potentially gain remote code execution.
The flaw (CVE-2023-50164) affects versions 2.5.0-2.5.32 and 6.0.0-6.3.0, and the Apache Software Foundation has released updates to fix the bug. The issue is related to the way that Struts handles file uploads in some circumstances.
“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this …