Apache Struts2 Vulnerability CVE-2024-53677 Disclosed
/ 1 min read
🕵️♂️ Apache Struts2 vulnerability CVE-2024-53677 poses serious security risks. Apache recently disclosed a critical path traversal vulnerability in Struts2, scoring 9.5 on the CVSS scale, which could allow unauthorized file uploads and potentially lead to remote code execution. The vulnerability requires users to transition to a new Action File Upload mechanism, as continuing with the old method leaves systems exposed. Active exploit attempts have been observed, with attackers using proof-of-concept code to upload malicious scripts. The vulnerability appears to be linked to a previous issue, CVE-2023-50164, suggesting that an incomplete patch may have contributed to its emergence. Users are urged to patch their systems promptly to mitigate these risks.
