216.73.217.80

CVE-2023-50164

· Published 07/12/2023 10:15 · Modified 21/12/2025 07:45 · Author: The MITRE Corporation

Labels: CVE-2023-50164

Essential information

Published
07/12/2023 10:15
Modified
21/12/2025 07:45
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/C:H/I:H/A:H

CVSS metrics

Description

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

NVD status

NVD
View on NVD