Severity: critical

Affected versions:

- Apache Struts 2.0.0 through 2.5.32
- Apache Struts 6.0.0 through


An attacker can manipulate file upload params to enable paths traversal and 
under some circumstances this can lead to uploading a malicious file which can 
be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or  Struts 
or greater to fix this issue.


Steven Seeley (reporter)


To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to