Apache Struts Security Update (S2-064) CVE-2023-34396
- CVSSv3 Score
- Vulnerability description
Apache Struts is prone to a denial of service (DoS) vulnerability.
- Risk description
When a multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an OOM if the developer has set struts.multipart.maxSize to a value equal to or greater than the available memory.
- Update to version 2.5.31, 22.214.171.124 or later
- Workaround: Set struts.multipart.maxSize to a value much, much smaller than the available memory
Note: Please set an override for this result if only the workaround has been applied
- Not available
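One way to check the workaround condition described above, as an added example that is not part of the original advisory or of Apache Struts: it reads struts.multipart.maxSize from struts.xml or struts.properties content and compares it with the JVM heap limit. Assumptions: -Xmx stands in for "available memory", the 5% threshold for "much smaller" is arbitrary, and the function names and sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

KEY = "struts.multipart.maxSize"
WARN_FRACTION = 0.05  # assumption: "much smaller" read as under 5% of the heap
UNITS = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def max_size_from_struts_xml(xml_text):
    """Return KEY from the <constant> elements of a struts.xml, or None."""
    value = None
    for const in ET.fromstring(xml_text).iter("constant"):
        if const.get("name") == KEY:
            value = int(const.get("value", "").strip())
    return value

def max_size_from_properties(text):
    """Return KEY from struts.properties content, or None."""
    value = None
    for line in text.splitlines():
        name, sep, raw = line.strip().partition("=")
        if sep and name.strip() == KEY:
            value = int(raw.strip())
    return value

def heap_from_jvm_args(jvm_args):
    """Return the -Xmx limit in bytes (assumed proxy for available memory)."""
    for arg in jvm_args.split():
        if arg.startswith("-Xmx") and len(arg) > 4:
            raw = arg[4:].lower()
            if raw[-1] in UNITS:
                return int(raw[:-1]) * UNITS[raw[-1]]
            return int(raw)
    return None

def assess(max_size, heap_bytes):
    """Classify the configured limit against the heap size."""
    if max_size is None:
        return "UNSET"      # no override found; the framework default applies
    if max_size >= heap_bytes:
        return "AT_RISK"    # the condition the advisory describes
    if max_size > heap_bytes * WARN_FRACTION:
        return "REVIEW"     # below the heap, but not "much smaller"
    return "OK"

# Constructed sample inputs, not taken from any real deployment.
SAMPLE_XML = """<struts>
  <constant name="struts.devMode" value="false"/>
  <constant name="struts.multipart.maxSize" value="2147483648"/>
</struts>"""
SAMPLE_PROPS = "# upload limit\nstruts.multipart.maxSize = 10485760\n"
SAMPLE_JVM_ARGS = "-server -Xms512m -Xmx1g -Dfile.encoding=UTF-8"
```

An "OK" result only confirms the workaround is in place; the version update listed above is still the fix.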