CVE-2023-50164

CVE-2023-50164: Apache Struts: File upload component had a directory traversal vulnerability

Vendor: Apache Software Foundation
Product: Apache Struts
Weakness: CWE-552 (Files accessible externally)
Published: December 7, 2023
Last update: March 14, 2025

What the vulnerability does

Description

An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform remote code execution. Users are recommended to upgrade to Struts 2.5.33, Struts 6.3.0.2, or greater to fix this issue.

Key dates

Disclosure timeline

December 7, 2023: CVE published
March 14, 2025: Record updated