SummaryExcessive disk usage during file upload
Who should read this
All Struts 2 developers and users
Impact of vulnerability
Denial of Service
Maximum security rating
Upgrade to Struts 2.5.32 or 184.108.40.206 or Struts 220.127.116.11 or greater
Struts 2.5.31, Struts 18.104.22.168 - Struts 6.3.0
When a Multipart request is performed but some of the fields exceed the
maxStringLength limit, the upload files will remain in
struts.multipart.saveDir even if the request has been denied.
Upgrade to Struts 2.5.32, 22.214.171.124, 126.96.36.199 or greater.
No issues expected when upgrading to Struts 2.5.32, 188.8.131.52 or 6.3.01