Fwd: [ANN] Apache Struts 6.3.0.2 & 2.5.33

2023-12-06 Thread Lukasz Lenart
FYI -- Forwarded message - From: Lukasz Lenart Date: Thu, 7 Dec 2023 at 08:30 Subject: [ANN] Apache Struts 6.3.0.2 & 2.5.33 To: Cc: The Apache Struts group is pleased to announce that Apache Struts versions 6.3.0.2 & 2.5.33 are available as “General Availability” releases. The G

CVE-2023-50164: Apache Struts: File upload component had a directory traversal vulnerability

2023-12-06 Thread Lukasz Lenart
Severity: critical Affected versions: - Apache Struts 2.0.0 through 2.5.32 - Apache Struts 6.0.0 through 6.3.0.1 Description: An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to p