Описание
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied.
Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
A flaw was found in struts. When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'struts.multipart.saveDir', even if the request has been denied.
Отчет
This issue only affects Struts 2 and newer, which is not shipped in any Red Hat Products.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | org.apache.struts-struts-core | Not affected | ||
| Migration Toolkit for Applications 6 | org.apache.struts-struts-core | Not affected | ||
| Migration Toolkit for Runtimes | org.apache.struts-struts-core | Not affected | ||
| OpenShift Serverless | org.apache.struts-struts-core | Not affected | ||
| Red Hat AMQ Broker 7 | org.apache.struts-struts-core | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | org.apache.struts-struts-core | Not affected | ||
| Red Hat build of Debezium 2 | org.apache.struts-struts-core | Not affected | ||
| Red Hat Build of Keycloak | org.apache.struts-struts-core | Not affected | ||
| Red Hat build of OptaPlanner 8 | org.apache.struts-struts-core | Not affected | ||
| Red Hat build of Quarkus | org.apache.struts/struts-core | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
When a Multipart request is performed but some of the fields exceed th ...
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Уязвимость конфигурации struts.multipart.saveDir программной платформы Apache Struts, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3