Statement on CVE-2023-50164 Apache Struts: File Upload Component Had a Directory Traversal Vulnerability
December 15, 2023
Information
An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform remote code execution. Users are recommended to upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater to fix this issue.
Risk
Not Applicable
Response
Melissa Data Corporation (“Melissa”) was not impacted by the Apache Struts critical vulnerability. No Melissa commercial web services or products were impacted by this vulnerability.
Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.