I missed 6.7.4, sorry, my bad :( Any version above 6.7.x is fine.

On Thu, 4 Dec 2025 at 21:36, David Brunstein <[email protected]> wrote:
>
> I am looking into CVE-2025-64775, and which Apache Struts2 versions are
> affected.
>
> My findings on the web are inconsistent. Lukasz, can you confirm that this
> would not affect versions of Struts 6 above Struts 6.7.0?
>
> Thank you,
> Davo
>
> On Mon, Dec 1, 2025 at 8:45 AM Lukasz Lenart <[email protected]>
> wrote:
>
> > Severity: important
> >
> > Affected versions:
> >
> > - Apache Struts (org.apache.struts:struts2-core) 2.0.0 through 6.7.0
> > - Apache Struts (org.apache.struts:struts2-core) 7.0.0 through 7.0.3
> >
> > Description:
> >
> > Denial of Service vulnerability in Apache Struts, file leak in
> > multipart request processing causes disk exhaustion.
> >
> > This issue affects Apache Struts: from 2.0.0 through 6.7.0, from 7.0.0
> > through 7.0.3.
> >
> > Users are recommended to upgrade to version 6.8.0 or 7.1.1, which
> > fixes the issue.
> >
> > Credit:
> >
> > Nicolas Fournier (reporter)
> >
> > References:
> >
> > https://cwiki.apache.org/confluence/display/WW/S2-068
> > https://struts.apache.org/
> > https://www.cve.org/CVERecord?id=CVE-2025-64775
> >
> >
> > On behalf of the Apache Struts project
> > Łukasz Lenart
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >

