Security fixes were made available by the Apache Software Foundation to fix a serious file upload vulnerability in the open-source Struts 2 framework. Remote code execution may result from the vulnerability, which is known as CVE-2023-50164, if it is successfully exploited.
By modifying the file upload parameters, a remote attacker can allow pathways traversal, which may result in the upload of a malicious file that can be exploited to run arbitrary code.According to the alert released by the Apache Software Foundation, “An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.”