CVE-2024-53677
Description
File upload logic in Apache Struts is flawed.An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.This issue affects Apache Struts: from 2.0.0 before 6.4.0.Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based onFileuploadInterceptoryour application is safe.You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2024-53677 are fixed in Apache-struts2-core 6.4.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 12.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 12.1 | Windows |
| Vulnerabilities CVE-2024-53677 are fixed in Apache-structs2-core for Linux 6.4.0 | Linux |
| CVE-2024-53677 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234