MD-2023-1221

Statement on MD-2023-1221 Apache Struts Critical Vulnerability

December 21, 2023

Information

An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform remote code execution. Users are recommended to upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Severity

Low

Response

Melissa Data Corporation (“Melissa”) was not impacted by the Apache Struts critical vulnerability. No Melissa commercial web services or products were impacted by this vulnerability.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.

If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.