Apache Struts 2 Vulnerability CVE-2023-50164 Exposed
On December 7th, 2023, the Apache Struts project disclosed a significant vulnerability, CVE-2023-50164, in its Struts 2 open-source web framework. Rated at a critical CVSS score of 9.8, this flaw resides within the framework’s file upload logic. Exploiting this vulnerability empowers attackers to manipulate upload parameters, potentially leading to arbitrary file upload and, under specific conditions, code execution.