VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-convention-plugin@6.2.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-gfxq-vtry-bqgg Aliases: CVE-2023-50164 GHSA-2j39-qcjm-428w	Files or Directories Accessible to External Parties An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.	6.3.0.2 Affected by 0 other vulnerabilities.
VCID-hpm1-euf1-vff1 Aliases: CVE-2023-41835 GHSA-729q-fcgp-r5xh	Incomplete Cleanup When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.	6.3.0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gfxq-vtry-bqgg
Aliases:
CVE-2023-50164
GHSA-2j39-qcjm-428w

Files or Directories Accessible to External Parties An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

6.3.0.2
Affected by 0 other vulnerabilities.

VCID-hpm1-euf1-vff1
Aliases:
CVE-2023-41835
GHSA-729q-fcgp-r5xh

Incomplete Cleanup When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.

6.3.0.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:45:04.368681+00:00	GitLab Importer	Affected by	VCID-gfxq-vtry-bqgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-convention-plugin/CVE-2023-50164.yml	38.4.0
2026-04-16T22:44:46.421126+00:00	GitLab Importer	Affected by	VCID-hpm1-euf1-vff1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-convention-plugin/CVE-2023-41835.yml	38.4.0
2026-04-12T00:04:42.820582+00:00	GitLab Importer	Affected by	VCID-gfxq-vtry-bqgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-convention-plugin/CVE-2023-50164.yml	38.3.0
2026-04-12T00:04:24.193394+00:00	GitLab Importer	Affected by	VCID-hpm1-euf1-vff1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-convention-plugin/CVE-2023-41835.yml	38.3.0
2026-04-03T00:09:22.637076+00:00	GitLab Importer	Affected by	VCID-gfxq-vtry-bqgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-convention-plugin/CVE-2023-50164.yml	38.1.0
2026-04-03T00:09:03.937140+00:00	GitLab Importer	Affected by	VCID-hpm1-euf1-vff1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-convention-plugin/CVE-2023-41835.yml	38.1.0