cveapachestruts2

2023年12月17日 — This vulnerability stems from the manipulation of file upload parameters. The first flaw involves simulating the file upload, where directory ...

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a %} sequence in a tag attribute, aka forced double OGNL evaluation.

2023年12月15日 — (CVE-2023-50164) affecting Apache Struts 2 versions 2.0.0 to 2.3.37, 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0. The vulnerability is rated as a 9.8 on ...

2023年12月26日 — CVE-2023-50164 was published on December 7th, 2023 to create awareness of a critical vulnerability in Apache Struts 2. A CVSS score of 9.8 has ...

2023年12月13日 — Identified as CVE-2023-50164, this flaw exists in the Struts 2 framework's “file upload logic.” It allows unauthorized path traversal, enabling ...

【漏洞預警】特定版本Apache Struts 2允許攻擊者遠端執行任意程式碼. [內容說明:] 轉發行政法人國家資通安全科技中心資安訊息警訊NCCST-ANA-201604-0047.

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a %} sequence in a tag attribute, aka forced double OGNL evaluation.

2023年12月15日 — The vulnerability in Apache Struts arises from parameter pollution. In this scenario, an attacker can manipulate the request by modifying the ...

2023年12月14日 — CVE-2023-50164 represents a critical vulnerability discovered within Apache Struts 2, which is an open source framework that is widely used for ...

2023年12月14日 — Taking a closer look, CVE-2023-50164 involves a vulnerability in the file upload mechanism of Apache Struts. For a non-technical audience, ...