This vulnerability, which scores a 9.5 on the CVSS scale, allows attackers to execute arbitrary code remotely by exploiting flaws in the framework’s file upload mechanism.
Remote Code Execution (RCE): Execute malicious code by uploading and triggering executable files, such as .jsp scripts or binary payloads. According to the Apache Struts advisory, the vulnerability is not backward-compatible with older file upload mechani
org.apache.struts:struts2-core is a popular open-source framework for developing web applications in the Java programming language. Affected versions of this package are vulnerable to Remote Code Execution (RCE) via manipulation of file upload parameters
Apache released a security advisory to address a critical severity vulnerability in Struts2. Tracked as CVE-2024-53677, successful exploitation of the vulnerability may allow a remote attacker to execute arbitrary code, leading to critical data loss and p
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. An attacker can manipulate file upload parameters to enable path traversal and under some circumstances this can lead to uploading a malicious file which c
CVE-2024-53677 and CVE-2023-50164 are vulnerabilities in Apache Struts that could pave the way for remote code execution, or RCE. Learn how to figure out if you’re affected, and if so what to do about it
The SonicWall Capture Labs threat research team became aware of an unauthenticated, remote code execution vulnerability in the Apache Struts 2 framework, assessed its impact, and developed mitigation measures.