org.apache.struts/struts2-core - critical issue in >=6.0.0,<6.3.0.2;>=2.0.0,<2.5.33 - CVE-2023-50164

Description

The package org.apache.struts/struts2-core, distributed through the Maven package manager, is vulnerable with critical severity. To mitigate, avoid versions >=6.0.0,<6.3.0.2;>=2.0.0,<2.5.33.

Outbreak Alert

FortiGuard Labs has detected ongoing exploit attempts targeting a recently patched Apache Struts 2 vulnerability. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to malicious file upload. This may result in Remote Code Execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems.


Recommended Actions

Avoid using versions >=6.0.0,<6.3.0.2;>=2.0.0,<2.5.33 for package org.apache.struts/struts2-core
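
One way to check resolved dependency versions against the affected ranges above. This is an added example, not FortiGuard's or the Struts project's code; the function names, the `group:artifact:version` input form and the sample list are assumptions, and versions are assumed to be purely numeric dotted strings.

```python
import re

# Affected ranges exactly as this advisory states them: ';' separates
# alternative ranges, ',' joins bounds that must all hold.
AFFECTED = ">=6.0.0,<6.3.0.2;>=2.0.0,<2.5.33"
PACKAGE = "org.apache.struts:struts2-core"

def parse_version(text):
    """'6.3.0.2' -> (6, 3, 0, 2). Assumption: purely numeric dotted versions."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Return -1, 0 or 1, padding the shorter tuple with zeros (6.3.0 == 6.3.0.0)."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

CHECKS = {">=": lambda c: c >= 0, "<=": lambda c: c <= 0,
          ">": lambda c: c > 0, "<": lambda c: c < 0, "==": lambda c: c == 0}

def is_affected(version, spec=AFFECTED):
    """True if version satisfies every bound of at least one alternative range."""
    v = parse_version(version)
    for alternative in spec.split(";"):
        bounds = [re.fullmatch(r"(>=|<=|==|>|<)(.+)", b.strip())
                  for b in alternative.split(",")]
        if any(m is None for m in bounds):
            raise ValueError(f"bad range: {alternative!r}")
        if all(CHECKS[m.group(1)](compare(v, parse_version(m.group(2))))
               for m in bounds):
            return True
    return False

def audit(coordinates):
    """Return the group:artifact:version entries for struts2-core that are affected."""
    hits = []
    for coord in coordinates:
        group, artifact, version = coord.split(":")
        if f"{group}:{artifact}" == PACKAGE and is_affected(version):
            hits.append(coord)
    return hits

# Constructed sample dependency list (not taken from any real project).
SAMPLE = [
    "org.apache.struts:struts2-core:2.5.32",
    "org.apache.struts:struts2-core:2.5.33",
    "org.apache.struts:struts2-core:6.3.0.1",
    "org.apache.struts:struts2-core:6.3.0.2",
    "org.apache.commons:commons-lang3:3.12.0",
]
```

The zero padding in `compare` matters for the 6.x range: a three-part version such as 6.3.0 is treated as 6.3.0.0 and therefore falls below the 6.3.0.2 bound.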

Coverage

FortiDevSec 24.3 or later

Version Updates

Date Version Status Detail
2024-09-30 24.30000 New None