HIGH 7.5 Maven
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
GHSA-729q-fcgp-r5xh · CVE-2023-41835
Published · Modified
Description
When a multipart request is performed but some of its fields exceed the maxStringLength limit, the uploaded files remain in struts.multipart.saveDir even though the request has been denied.
Users are recommended to upgrade to Struts 2.5.32, 6.1.2.2, or 6.3.0.1 or greater, which fix this issue.
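An audit for files left behind in the save directory, as an added example that is not part of the advisory or of the Struts project. It assumes temp files follow the `upload_*.tmp` naming of Commons FileUpload's disk-backed items and that anything untouched for longer than a chosen threshold no longer belongs to a live request; the function names, threshold and sample files are constructed for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

# Assumption: temp-file naming used by Commons FileUpload's disk-backed items.
TEMP_GLOB = "upload_*.tmp"


def find_stale_uploads(save_dir, max_age_seconds, now=None):
    """Return (path, size, age_seconds) for leftover upload temp files.

    A file counts as stale when it was last modified more than
    max_age_seconds ago, i.e. long after any request that created it ended.
    """
    now = time.time() if now is None else now
    stale = []
    for path in sorted(Path(save_dir).glob(TEMP_GLOB)):
        if path.is_symlink() or not path.is_file():
            continue  # only regular files; never follow links out of save_dir
        st = path.stat()
        age = now - st.st_mtime
        if age > max_age_seconds:
            stale.append((path, st.st_size, int(age)))
    return stale


def summarize(stale):
    """Total count and bytes, for alerting on disk consumption."""
    return len(stale), sum(size for _, size, _ in stale)


def demo():
    """Build a constructed save directory and audit it."""
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        samples = {  # constructed sample files: name -> (size, age in seconds)
            "upload_aaaa_00000001.tmp": (2048, 7200),  # left behind 2 h ago
            "upload_aaaa_00000002.tmp": (512, 5),      # request still in flight
            "notes.txt": (10, 7200),                   # unrelated file
        }
        for name, (size, age) in samples.items():
            p = Path(d) / name
            p.write_bytes(b"\0" * size)
            os.utime(p, (now - age, now - age))
        stale = find_stale_uploads(d, max_age_seconds=600, now=now)
        return [p.name for p, _, _ in stale], summarize(stale)


if __name__ == "__main__":
    print(demo())
```

Point `find_stale_uploads` at the directory configured as struts.multipart.saveDir; a growing count on an unpatched version is a sign that rejected requests are leaving files behind.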
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-41835
- WEB https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
- WEB https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
- WEB https://github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
- PACKAGE https://github.com/apache/struts
- WEB https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft
- WEB https://security.netapp.com/advisory/ntap-20231013-0001
- WEB https://www.openwall.com/lists/oss-security/2023/12/09/1
- WEB http://www.openwall.com/lists/oss-security/2023/12/09/1