CVE-2023-41835

When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

History

13 Dec 2023, 21:26

Type Values Removed Values Added
References () https://www.openwall.com/lists/oss-security/2023/12/09/1 - () https://www.openwall.com/lists/oss-security/2023/12/09/1 - Mailing List, Third Party Advisory

12 Dec 2023, 09:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2023/12/09/1', 'name': 'http://www.openwall.com/lists/oss-security/2023/12/09/1', 'tags': ['Third Party Advisory'], 'refsource': ''}
  • () https://www.openwall.com/lists/oss-security/2023/12/09/1 -

11 Dec 2023, 15:28

Type Values Removed Values Added
CWE CWE-913 CWE-459
CPE cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft - () https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft - Mailing List, Release Notes
References () http://www.openwall.com/lists/oss-security/2023/12/09/1 - () http://www.openwall.com/lists/oss-security/2023/12/09/1 - Third Party Advisory

09 Dec 2023, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2023/12/09/1 -

05 Dec 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-05 09:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-41835

Mitre link : CVE-2023-41835

CVE.ORG link : CVE-2023-41835


JSON object : View

Products Affected

apache

  • struts
CWE
CWE-459

Incomplete Cleanup