Apache Struts 2 fixes critical vulnerability, upgrade ASAP
Take action: If you are using Apache Struts, update to version 2.5.33 (for the 2.5 branch) or 6.3.0.2 (for the 6.x branch) as soon as possible. Treating the system as safe because it sits behind a firewall does not work: Apache Struts is a web application framework, and applications built on it are designed to be reachable from the internet. Even if the system is not exposed today, someone will expose it soon enough.
Learn More
The Apache Struts project has recently updated its popular open-source web application framework to remedy a critical vulnerability.
The vulnerability is tracked as CVE-2023-50164 (CVSS score 9.8) and can lead to remote code execution. It affects Apache Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1. An attacker can manipulate file upload parameters to achieve path traversal, which under some circumstances allows a malicious file to be written to a location of the attacker's choosing rather than the intended upload directory; from there it can be used to execute code on the server. Note that the 2.0.0 to 2.3.37 series is end of life and receives no fix, so the only remedy there is to move to a supported branch.
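To make the failure mode concrete, here is an added example (not code from the Apache Struts project or from this advisory) that contrasts a naive upload handler, which trusts the client-supplied file name, with a hardened one that confines the destination to the upload directory. It does not reproduce the CVE-2023-50164 exploit; it only shows the path traversal pattern the advisory describes and the containment check that stops it. `UPLOAD_ROOT`, the function names and the sample file names are illustrative assumptions.

```python
"""Added example (not code from the Apache Struts project or from this
advisory).  Contrasts a naive upload handler that trusts the client
supplied file name with a hardened one that confines the destination to
the upload directory.  It does not reproduce the CVE-2023-50164 exploit;
it only shows the path traversal failure mode the advisory describes and
the containment check that stops it.  UPLOAD_ROOT, the function names and
the sample file names are illustrative assumptions.
"""
from pathlib import Path

# Assumed upload directory; it does not need to exist for the path
# arithmetic below, because Path.resolve() is non-strict by default.
UPLOAD_ROOT = Path("/srv/app/uploads")

# Constructed sample file names, as a client might submit them in a
# multipart upload.  The last one is a Windows-style traversal that a
# POSIX host would treat as a single odd file name.
SAMPLE_NAMES = [
    "report.pdf",
    "../../webapps/ROOT/shell.jsp",
    "/etc/cron.d/evil",
    "..\\..\\webapps\\ROOT\\shell.jsp",
]


def naive_target(upload_root: Path, client_name: str) -> Path:
    """Vulnerable pattern: join the directory with the unchecked name.

    '..' components walk out of upload_root, and an absolute client_name
    replaces upload_root outright (pathlib's '/' operator discards the
    left operand when the right one is absolute).  Only the path is
    computed here; nothing is written.
    """
    return (upload_root / client_name).resolve()


def is_inside(root: Path, candidate: Path) -> bool:
    """True when candidate lies strictly below root after resolving."""
    root = root.resolve()
    candidate = candidate.resolve()
    return root in candidate.parents


def confined_path(upload_root: Path, client_name: str) -> Path:
    """Return a destination strictly inside upload_root or raise ValueError.

    Rejects empty names, '.', '..', absolute names, any path separator
    (forward slash or backslash) and NUL, so the client controls only a
    single path component.  Then re-checks containment after resolving
    symlinks, which guards against a mistake in the first check.
    """
    name = client_name.replace("\\", "/")
    if name in ("", ".", "..") or "/" in name or "\x00" in name:
        raise ValueError(f"rejected file name: {client_name!r}")
    root = upload_root.resolve()
    target = (root / name).resolve()
    if target.parent != root:
        raise ValueError(f"path escapes upload root: {client_name!r}")
    return target


def classify(upload_root: Path, client_name: str) -> dict:
    """Show where the naive handler would write and what the hardened one does."""
    naive = naive_target(upload_root, client_name)
    try:
        hardened = str(confined_path(upload_root, client_name))
    except ValueError:
        hardened = "rejected"
    return {
        "naive_path": str(naive),
        "naive_escapes": not is_inside(upload_root, naive),
        "hardened": hardened,
    }


if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(f"{name!r}: {classify(UPLOAD_ROOT, name)}")
```

Two details are worth noticing when running it. The absolute name `/etc/cron.d/evil` does not merely traverse out of the upload directory; it replaces it, because joining a path with an absolute path discards the left side. The backslash variant stays inside the upload directory on a POSIX host, so a check that only looks for `../` and forward slashes would pass it, yet the same application deployed on Windows would write outside the directory; the hardened check therefore rejects both separator styles regardless of platform, and keeps the resolve-and-compare step as a second line of defence.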
The issue has been resolved in Apache Struts 2.5.33 and 6.3.0.2. The project team strongly recommends that all developers upgrade promptly; according to the project, the fixed releases are drop-in replacements and the upgrade should be straightforward.