When a multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files remain in struts.multipart.saveDir even if the request has been denied.
Users are recommended to upgrade to Struts versions 2.5.32, 6.1.2.2, or 6.3.0.1 or greater, which fix this issue.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft | Mailing List Release Notes |
https://www.openwall.com/lists/oss-security/2023/12/09/1 | Mailing List Third Party Advisory |
History
13 Dec 2023, 21:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.openwall.com/lists/oss-security/2023/12/09/1 - Mailing List, Third Party Advisory |
12 Dec 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
11 Dec 2023, 15:28
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-459 | |
CPE | cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 7.5 |
References | () https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft - Mailing List, Release Notes | |
References | () http://www.openwall.com/lists/oss-security/2023/12/09/1 - Third Party Advisory |
09 Dec 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
05 Dec 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-05 09:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-41835
Mitre link : CVE-2023-41835
CVE.ORG link : CVE-2023-41835
Products Affected
apache
- struts
CWE
CWE-459
Incomplete Cleanup