MD-2023-1221#
Statement on MD-2023-1221 Apache Struts Critical Vulnerability#
December 21, 2023
Information#
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
More info at CVE-2023-50164
Severity#
Low
Response#
Melissa Data Corporation (“Melissa”) was not impacted by Apache Struts Critical Vulnerability. Any Melissa commercial web services or products were not impacted by this vulnerability.
Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.