Apache warns Struts 2.3 is using a library with a two-year-old critical flaw

Nov 06, 2018 - ICT Monitor Worldwide

The Apache Software Foundation is warning organizations using certain versions of Struts 2 to update a library called Commons FileUpload, which contains a two-year-old flaw that can lead to remote code execution attacks against public-facing websites.

The flaw affects projects using Struts 2.3.36 and prior, which use the Commons FileUpload library version 1.3.2. Applications on Struts 2.5.12 are not affected because they're using the Commons FileUpload library version 1.3.3, which addressed...