VulnerableCode Package Details - pkg:maven/org.apache.struts/struts2-rest-plugin@6.3.0.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-gfxq-vtry-bqgg Aliases: CVE-2023-50164 GHSA-2j39-qcjm-428w	Files or Directories Accessible to External Parties An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.	6.3.0.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-gfxq-vtry-bqgg
Aliases:
CVE-2023-50164
GHSA-2j39-qcjm-428w

Files or Directories Accessible to External Parties An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

6.3.0.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-hpm1-euf1-vff1	Incomplete Cleanup When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.	CVE-2023-41835 GHSA-729q-fcgp-r5xh

Vulnerability

Summary

Aliases

VCID-hpm1-euf1-vff1

Incomplete Cleanup When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.

CVE-2023-41835
GHSA-729q-fcgp-r5xh

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:45:02.740538+00:00	GitLab Importer	Affected by	VCID-gfxq-vtry-bqgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2023-50164.yml	38.4.0
2026-04-16T22:44:47.031932+00:00	GitLab Importer	Fixing	VCID-hpm1-euf1-vff1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2023-41835.yml	38.4.0
2026-04-12T00:04:41.090767+00:00	GitLab Importer	Affected by	VCID-gfxq-vtry-bqgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2023-50164.yml	38.3.0
2026-04-12T00:04:24.849628+00:00	GitLab Importer	Fixing	VCID-hpm1-euf1-vff1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2023-41835.yml	38.3.0
2026-04-03T00:09:20.999050+00:00	GitLab Importer	Affected by	VCID-gfxq-vtry-bqgg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2023-50164.yml	38.1.0
2026-04-03T00:09:04.560089+00:00	GitLab Importer	Fixing	VCID-hpm1-euf1-vff1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2023-41835.yml	38.1.0
2026-04-01T12:52:12.629171+00:00	GitLab Importer	Fixing	VCID-hpm1-euf1-vff1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.struts/struts2-rest-plugin/CVE-2023-41835.yml	38.0.0