Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Remote Code Execution

Maximum security rating

Critical

Recommendation

Upgrade to Struts 6.4.0 or greater and use Action File Upload Interceptor

Affected Software

  • Struts 2.0.0 through Struts 2.3.37 (EOL)
  • Struts 2.5.0 trough through Struts 2.5.33 (EOL)
  • Struts 6.0.0 through Struts 6.3.0.2

Reporters

Shinsaku Nomura

CVE Identifier

CVE-2024-53677

...