Struts2 Vulnerability Insights

In December 2023, news broke of CVE-2023-50164, a critical Remote Code Execution (RCE) vulnerability in the Apache Struts2 open-source Java library. As the stewards of Maven Central, our teams are working around the clock to ensure that the world has reliable and fast access to the latest Struts2 fixes.

Struts2 Download Dashboard


Struts2 Resources

New on the Naughty List: Unwrapping the Struts2 Vulnerability

While many developers are preparing for a much-needed holiday break, another remote code execution vulnerability has been discovered in Apache's Struts2 Framework, the same framework used to compromise Equifax.


How Sonatype Customers Can Fix Struts 2 Vulnerability

This vulnerability poses a serious risk to applications with affected versions of Struts and is being actively exploited by attackers. Check out our step-by-step guide to find and fix CVE-2023-50164 with Sonatype Firewall and a Repository Health Check (RHC) in Nexus Repository.