Decrypt LOL

Apache Struts2 Vulnerability CVE-2024-53677 Disclosed

🕵️‍♂️ Apache Struts2 vulnerability CVE-2024-53677 poses serious security risks. Apache recently disclosed a critical path traversal vulnerability in Struts2, scoring 9.5 on the CVSS scale, that could allow unauthorized file uploads and potentially lead to remote code execution. Fixing it requires users to migrate to the new Action File Upload mechanism; applications that keep using the old upload method remain exposed. Active exploit attempts have been observed, with attackers using proof-of-concept code to upload malicious scripts. The vulnerability appears to be linked to a previous issue, CVE-2023-50164, suggesting that an incomplete patch may have contributed to its emergence. Users are urged to patch their systems promptly to mitigate these risks.
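
To find which actions still need the migration described above, here is an added Python check (not from the original article or from Apache) that audits a `struts.xml` for actions wired to the old upload interceptor. The names `fileUpload` and `actionFileUpload` and the legacy class name come from Struts' stock configuration rather than from this page; the sample XML and its action names are constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: names as registered in Struts' stock struts-default.xml.
LEGACY_NAME = "fileUpload"
LEGACY_CLASS = "org.apache.struts2.interceptor.FileUploadInterceptor"

# Constructed sample configuration (not taken from any real application).
SAMPLE_STRUTS_XML = """<struts>
  <package name="app" extends="struts-default">
    <interceptors>
      <interceptor name="legacyUpload" class="org.apache.struts2.interceptor.FileUploadInterceptor"/>
      <interceptor-stack name="uploadStack">
        <interceptor-ref name="fileUpload"/>
        <interceptor-ref name="basicStack"/>
      </interceptor-stack>
    </interceptors>
    <action name="upload"><interceptor-ref name="fileUpload"/></action>
    <action name="avatar"><interceptor-ref name="actionFileUpload"/></action>
    <action name="import"><interceptor-ref name="legacyUpload"/></action>
    <action name="report"><interceptor-ref name="uploadStack"/></action>
  </package>
</struts>"""

def audit_struts_config(xml_text):
    """Map each action name to the legacy upload interceptor refs it uses."""
    root = ET.fromstring(xml_text)
    # Start with the stock name plus any custom alias of the legacy class.
    legacy = {LEGACY_NAME}
    legacy |= {i.get("name") for i in root.iter("interceptor")
               if i.get("class") == LEGACY_CLASS}
    # Propagate through stacks defined in this file until nothing changes.
    changed = True
    while changed:
        changed = False
        for stack in root.iter("interceptor-stack"):
            refs = {r.get("name") for r in stack.findall("interceptor-ref")}
            if stack.get("name") not in legacy and refs & legacy:
                legacy.add(stack.get("name"))
                changed = True
    findings = {}
    for action in root.iter("action"):
        refs = {r.get("name") for r in action.findall("interceptor-ref")}
        if refs & legacy:
            findings[action.get("name")] = sorted(refs & legacy)
    return findings

if __name__ == "__main__":
    for name, refs in audit_struts_config(SAMPLE_STRUTS_XML).items():
        print(f"action '{name}' still uses legacy upload via {refs}")
```

Actions that declare no interceptors inherit their package's default stack, which this check does not resolve; review those against the `struts-default.xml` shipped with the deployed Struts version.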
