← Back to CVE List

CVE-2024-53677

Published: 2024-12-11T16:15Z
Last Modified: 2025-01-03T12:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in  https://cwiki.apache.org/confluence/display/WW/S2-067 > MITRE Terms of Use apply – see LICENSE‑MITRE.txt