cvelist/2023/41xxx/CVE-2023-41835.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-41835",
        "ASSIGNER": "security@apache.org",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "When a Multipart request is performed but some of the fields exceed the maxStringLength\u00a0 limit, the upload files will remain in struts.multipart.saveDir\u00a0 even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-459 Incomplete Cleanup",
                        "cweId": "CWE-459"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Apache Software Foundation",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Struts",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "2.0.0",
                                            "version_value": "2.5.31"
                                        },
                                        {
                                            "version_affected": "<=",
                                            "version_name": "6.1.2.1",
                                            "version_value": "6.3.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft",
                "refsource": "MISC",
                "name": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft"
            },
            {
                "url": "https://www.openwall.com/lists/oss-security/2023/12/09/1",
                "refsource": "MISC",
                "name": "https://www.openwall.com/lists/oss-security/2023/12/09/1"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2023-09-04 08:00:32 +00:00			`{`
"-Synchronized-Data." 2023-12-05 09:00:33 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2023-09-04 08:00:32 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2023-41835",`
"-Synchronized-Data." 2023-12-05 09:00:33 +00:00			`"ASSIGNER": "security@apache.org",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2023-09-04 08:00:32 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-12-05 09:00:33 +00:00			`"value": "When a Multipart request is performed but some of the fields exceed the maxStringLength\u00a0 limit, the upload files will remain in struts.multipart.saveDir\u00a0 even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue."`
"-Synchronized-Data." 2023-09-04 08:00:32 +00:00			`}`
			`]`
"-Synchronized-Data." 2023-12-05 09:00:33 +00:00			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2023-12-12 09:00:33 +00:00			`"value": "CWE-459 Incomplete Cleanup",`
			`"cweId": "CWE-459"`
"-Synchronized-Data." 2023-12-05 09:00:33 +00:00			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Apache Software Foundation",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Apache Struts",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "2.0.0",`
			`"version_value": "2.5.31"`
			`},`
			`{`
			`"version_affected": "<=",`
			`"version_name": "6.1.2.1",`
			`"version_value": "6.3.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft",`
			`"refsource": "MISC",`
			`"name": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft"`
"-Synchronized-Data." 2023-12-09 19:00:33 +00:00			`},`
			`{`
"-Synchronized-Data." 2023-12-12 09:00:33 +00:00			`"url": "https://www.openwall.com/lists/oss-security/2023/12/09/1",`
"-Synchronized-Data." 2023-12-09 19:00:33 +00:00			`"refsource": "MISC",`
"-Synchronized-Data." 2023-12-12 09:00:33 +00:00			`"name": "https://www.openwall.com/lists/oss-security/2023/12/09/1"`
"-Synchronized-Data." 2023-12-05 09:00:33 +00:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2023-09-04 08:00:32 +00:00			`}`
			`}`