Apache Struts: Mixing setters for uploaded files and normal fields can allow bypass file upload checks (CVE-2024-53677)
Brocade Security Team has become aware of a critical Remote Code Execution affecting Apache Struts. Detail An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code...