CVE-2023-41835

{"id": "CVE-2023-41835", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-05T09:15:07.093", "references": [{"url": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft", "tags": ["Mailing List", "Release Notes"], "source": "security@apache.org"}, {"url": "https://www.openwall.com/lists/oss-security/2023/12/09/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-459"}]}, {"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-459"}]}], "descriptions": [{"lang": "en", "value": "When a Multipart request is performed but some of the fields exceed the maxStringLength\u00a0 limit, the upload files will remain in struts.multipart.saveDir\u00a0 even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue."}, {"lang": "es", "value": "Cuando se realiza una solicitud multiparte pero algunos de los campos exceden el l\u00edmite maxStringLength, los archivos cargados permanecer\u00e1n en struts.multipart.saveDir incluso si la solicitud ha sido denegada. Se recomienda a los usuarios actualizar a las versiones Struts 2.5.32 o 6.1.2.2 o Struts 6.3.0.1 o superior, que solucionan este problema."}], "lastModified": "2023-12-13T21:26:41.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9AB79F4-6FCB-42EC-B241-099B97CC99ED", "versionEndExcluding": "2.5.32", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97723A4F-E3A6-4AF3-ACC9-3C9618A75220", "versionEndExcluding": "6.3.0.1", "versionStartIncluding": "6.1.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}