CVE-2024-53677 – Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks

https://notcve.org/view.php?id=CVE-2024-53677

11 Dec 2024 — File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0, which fixes the issue. You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067 File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Exec... • https://packetstorm.news/files/id/183165 • CWE-434: Unrestricted Upload of File with Dangerous Type •