Vulnerability — CVE-2024-53677

CVE-2024-53677

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2024-53677
Description:: File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 at least and migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . If you are not using an old file upload logic based on FileuploadInterceptor your application is safe. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067
Last updated date:: 01/03/2025

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/12/2024
Reference url to background: https://github.com/cloudwafs/s2-067-CVE-2024-53677

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/13/2024
Reference url to background: https://github.com/TAM-K592/CVE-2024-53677-S2-067

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/17/2024
Reference url to background: https://github.com/c4oocO/CVE-2024-53677-Docker

Type:: exploit
Confidence:: HIGH
Date of publishing:: 12/18/2024
Reference url to background: https://github.com/XiaomingX/CVE-2024-53677-S2-067