Remote Code Execution (RCE)

🗓️ 16 Dec 2024 09:21:34Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 21 Views

Apache Struts2-core is vulnerable to Remote Code Execution due to improper file upload validation.

Reporter	Title	Published	Views	Family All 52
IBM Security Bulletins	Security Bulletin: Remediation of Multiple Apache Struts 2.5.33 Vulnerabilities in IBM Library Support for Struts.	16 Jan 202609:11	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2024-53677)	28 Jan 202521:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	26 Mar 202504:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities (CVE-2024-53677, CVE-2025-23184)	19 Jun 202505:35	–	ibm
GithubExploit	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts	13 Dec 202417:42	–	githubexploit
GithubExploit	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts	18 Dec 202418:42	–	githubexploit
GithubExploit	Exploit for CVE-2024-53667	22 May 202607:20	–	githubexploit
GithubExploit	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts	18 Dec 202402:03	–	githubexploit
GithubExploit	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts	8 Jan 202519:36	–	githubexploit
GithubExploit	Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts	1 Sep 202513:17	–	githubexploit

Vulners

Node

apache struts2-coreRange2.0.0–6.3.0.2java

apache struts2-coreMatch2.0.11java

apache struts2-coreMatch2.0.11.1java

apache struts2-coreMatch2.0.11.2java

apache struts2-coreMatch2.0.12java

apache struts2-coreMatch2.0.14java

apache struts2-coreMatch2.0.5java

apache struts2-coreMatch2.0.6java

apache struts2-coreMatch2.0.8java

apache struts2-coreMatch2.0.9java

apache struts2-coreMatch2.1.2java

apache struts2-coreMatch2.1.6java

apache struts2-coreMatch2.1.8java

apache struts2-coreMatch2.1.8.1java

apache struts2-coreMatch2.2.1java

apache struts2-coreMatch2.2.1.1java

apache struts2-coreMatch2.2.3java

apache struts2-coreMatch2.2.3.1java

apache struts2-coreMatch2.3.1java

apache struts2-coreMatch2.3.1.1java

apache struts2-coreMatch2.3.1.2java

apache struts2-coreMatch2.3.12java

apache struts2-coreMatch2.3.14java

apache struts2-coreMatch2.3.14.1java

apache struts2-coreMatch2.3.14.2java

apache struts2-coreMatch2.3.14.3java

apache struts2-coreMatch2.3.15java

apache struts2-coreMatch2.3.15.1java

apache struts2-coreMatch2.3.15.2java

apache struts2-coreMatch2.3.15.3java

apache struts2-coreMatch2.3.16java

apache struts2-coreMatch2.3.16.1java

apache struts2-coreMatch2.3.16.2java

apache struts2-coreMatch2.3.16.3java

apache struts2-coreMatch2.3.20java

apache struts2-coreMatch2.3.20.1java

apache struts2-coreMatch2.3.20.3java

apache struts2-coreMatch2.3.24java

apache struts2-coreMatch2.3.24.1java

apache struts2-coreMatch2.3.24.3java

apache struts2-coreMatch2.3.28java

apache struts2-coreMatch2.3.28.1java

apache struts2-coreMatch2.3.29java

apache struts2-coreMatch2.3.3java

apache struts2-coreMatch2.3.30java

apache struts2-coreMatch2.3.31java

apache struts2-coreMatch2.3.32java

apache struts2-coreMatch2.3.33java

apache struts2-coreMatch2.3.34java

apache struts2-coreMatch2.3.35java

apache struts2-coreMatch2.3.36java

apache struts2-coreMatch2.3.37java

apache struts2-coreMatch2.3.4java

apache struts2-coreMatch2.3.4.1java

apache struts2-coreMatch2.3.7java

apache struts2-coreMatch2.3.8java

apache struts2-coreMatch2.5java

apache struts2-coreMatch2.5-beta1java

apache struts2-coreMatch2.5-beta2java

apache struts2-coreMatch2.5-beta3java

apache struts2-coreMatch2.5.1java

apache struts2-coreMatch2.5.10java

apache struts2-coreMatch2.5.10.1java

apache struts2-coreMatch2.5.12java

apache struts2-coreMatch2.5.13java

apache struts2-coreMatch2.5.14java

apache struts2-coreMatch2.5.14.1java

apache struts2-coreMatch2.5.16java

apache struts2-coreMatch2.5.17java

apache struts2-coreMatch2.5.18java

apache struts2-coreMatch2.5.2java

apache struts2-coreMatch2.5.20java

apache struts2-coreMatch2.5.22java

apache struts2-coreMatch2.5.25java

apache struts2-coreMatch2.5.26java

apache struts2-coreMatch2.5.27java

apache struts2-coreMatch2.5.28java

apache struts2-coreMatch2.5.28.1java

apache struts2-coreMatch2.5.28.2java

apache struts2-coreMatch2.5.28.3java

apache struts2-coreMatch2.5.29java

apache struts2-coreMatch2.5.30java

apache struts2-coreMatch2.5.31java

apache struts2-coreMatch2.5.32java

apache struts2-coreMatch2.5.33java

apache struts2-coreMatch2.5.5java

apache struts2-coreMatch2.5.8java

apache struts2-coreMatch6.0.0java

apache struts2-coreMatch6.0.3java

apache struts2-coreMatch6.1.1java

apache struts2-coreMatch6.1.2java

apache struts2-coreMatch6.1.2.1java

apache struts2-coreMatch6.1.2.2java

apache struts2-coreMatch6.2.0java

apache struts2-coreMatch6.3.0java

apache struts2-coreMatch6.3.0.1java

Source	Link
struts	www.struts.apache.org/core-developers/file-upload
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-53677
github	www.github.com/apache/struts/commit/930fef7679d7247db9e460c146b1698a9d7ad1e4
cwiki	www.cwiki.apache.org/confluence/display/WW/S2-067
github	www.github.com/apache/struts/commit/3ef9ade8902a63bb560892453eeca02bfddefc78
github	www.github.com/apache/struts/commit/1ecfbae46543a83e131404f8dcc84b3d0d554854
dynatrace	www.dynatrace.com/news/blog/the-anatomy-of-broken-apache-struts-2-a-technical-deep-dive-into-cve-2024-53677
security	www.security.netapp.com/advisory/ntap-20250103-0005
github	www.github.com/apache/struts

13 Dec 2025 04:23Current

7.5High risk

Vulners AI Score7.5

CVSS 3.19.8

CVSS 49.5

EPSS0.93188

SSVC