VDB
CISA-2023-41835
CISA-2023-41835
PUBLISHED
CVSS 7.5 HIGH
Reported by apache · Published December 5, 2023
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Struts | 2.0.0, 6.1.2.1 |
| Apache Software Foundation | Apache Struts | 6.1.2.1, 2.0.0, 6.1.2.1 |
Timeline
- Dec 5, 2023 CVE Published
- May 28, 2025 CVE Updated