CVE-2023-34149

CWE-770 — Allocation without Limits4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 79.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Struts Apache Software Foundation Apache Struts

Timeline

PublishedJun 14

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_struts2.5.30+1

▶NVDapache/struts6.0.0 — 6.1.2.1+1

▶Mavenorg.apache.struts:struts2-core6.0.0 — 6.1.2.1+1

🔴Vulnerability Details

CVEList

Apache Struts: DoS via OOM owing to not properly checking of list bounds↗2023-06-14

▶

OSV

Apache Struts vulnerable to memory exhaustion↗2023-06-14

▶

GHSA

Apache Struts vulnerable to memory exhaustion↗2023-06-14

▶