The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164). About CVE-2023-50164 CVE-2023-50164 may allow an attacker to manipulate file upload parameters to enable path traversal. Under some circumstances this may allow the attacker to upload a malicious file that can be used to perform remote code execution. No additional details are available at this time. The … More

The post New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) appeared first on Help Net Security.