The flaw, tracked as CVE-2024-53677, carries a CVSS score of 9.5 and allows attackers to manipulate file upload parameters, enabling path traversal and potential remote code execution (RCE).
Qualys warned that a vulnerability like CVE-2024-53677 could have far-reaching implications such as loss of sensitive data and system compromise, urging immediate updates.
SANS's Johannes Ullrich explained that attackers are actively exploiting this vulnerability, trying to enumerate vulnerable systems and potentially targeting multiple vulnerabilities.
Users are advised to update to Struts 6.4.0 or later to mitigate the risk. Apache cautioned, however, that the update requires application code changes that are not backward compatible.
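As an added defensive illustration (not code from the article, Qualys, SANS or the Struts project), the following server-side check rejects upload file names that carry path separators, traversal sequences or drive prefixes, and confirms the final destination is a direct child of the upload directory; UPLOAD_ROOT is an assumed path.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# Assumed upload directory for this example; not taken from the article.
UPLOAD_ROOT = Path("/srv/app/uploads")

# A legitimate browser upload sends a bare file name. Separators, NUL bytes
# and Windows drive prefixes are rejected outright rather than "cleaned up",
# so the rejection can also be logged as a possible traversal attempt.
_BAD = re.compile(r"[\\/\x00]|^[A-Za-z]:")


def check_upload_filename(filename: str) -> Tuple[bool, str]:
    """Return (accepted, reason) for a client-supplied upload file name."""
    if not filename or filename in (".", ".."):
        return False, "empty or dot-only name"
    if _BAD.search(filename):
        return False, "separator, NUL or drive prefix in name"
    return True, "ok"


def safe_upload_path(filename: str, root: Path = UPLOAD_ROOT) -> Optional[Path]:
    """Resolve the destination and require it to sit directly under root.

    The resolve() step is a second line of defence: even if the name check
    were bypassed, a destination outside the upload directory is refused.
    """
    accepted, _reason = check_upload_filename(filename)
    if not accepted:
        return None
    root = root.resolve()
    destination = (root / filename).resolve()
    return destination if destination.parent == root else None
```

This is application-layer input hardening; the remediation the article reports remains upgrading to Struts 6.4.0 or later.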