Apache Struts 2 Remote Code Execution (CVE-2023-50164) – Cato’s Analysis and Mitigation
CATO Networks
DECEMBER 17, 2023
By Vadim Freger, Dolev Moshe Attiya
On December 7th, 2023, the Apache Struts project disclosed a critical vulnerability (CVSS score 9.8) in its Struts 2 open-source web framework. The vulnerability resides in the flawed file upload logic and allows attackers to manipulate upload parameters, resulting in arbitrary file upload and code execution under certain conditions.