SummaryExcessive disk usage during file upload
Who should read this
All Struts 2 developers and users
Impact of vulnerability
Denial of Service
Maximum security rating
Upgrade to Struts 2.5.32 or 126.96.36.199 or Struts 188.8.131.52 or greater
Struts 2.5.31, Struts 184.108.40.206 - Struts 6.3.0
When a Multipart request is performed but some of the fields exceed the
maxStringLength limit, the upload files will remain in
struts.multipart.saveDir even if the request has been denied.
Upgrade to Struts 2.5.32, 220.127.116.11, 18.104.22.168 or greater.
No issues expected when upgrading to Struts 2.5.32, 22.214.171.124 or 6.3.01