S2-066 Apache Struts 2 Wiki Advisory

The S2-066 vulnerability in Apache Struts 2 allows remote code execution because of flawed file upload logic; upgrade to Struts 2.5.33 or 6.3.0.2 or later.

Key Takeaways:

  • Vulnerability: Flawed file upload logic can allow remote code execution.
  • Severity: Critical (the maximum security rating).
  • Recommendation: Upgrade to Struts 2.5.33 or 6.3.0.2 or greater.
  • Affected Versions: Struts 2.0.0 – 2.3.37, 2.5.0 – 2.5.32, 6.0.0 – 6.3.0.
  • CVE Identifier: CVE-2023-50164.
  • Reporter: Steven Seeley of Source Incite.
  • Backward compatibility: No issues expected when upgrading.

Source:
https://cwiki.apache.org/confluence/display/WW/S2-066