PRP: Request CVE-2024-53677 Remote Code Execution Vulnerability in Apache Struts #568

Open
xu-xiang opened this issue Dec 12, 2024 · 1 comment

@xu-xiang

Hello,

I would like to start implementing a plugin to detect the vulnerability described in S2-067. This vulnerability has been addressed by upgrading to Struts 6.4.0 or greater and migrating to the new file upload mechanism.

The vulnerability has been assigned CVE ID CVE-2024-53677.

@tooryx
Member

tooryx commented Jan 9, 2025

Hi @xu-xiang,

This generally seems like something that we would be interested in. But transforming a file upload generically into an RCE can be challenging. Additionally, it can pose the issue of deleting the file afterwards.

Could you provide more information on how you would write a detector for this?

~tooryx

@google google deleted a comment from MMarch7 Jan 9, 2025