Upgrade Struts to 2.5.17


    • 4
    • Severity 2 - Major
    • 1

      A new RCE was reported in Struts2

      https://semmle.com/news/apache-struts-CVE-2018-11776

      Based on our investigation, Bamboo seems to be using a forked version of Struts 2.5.2, which is vulnerable to CVE-2018-11776. Users of Struts 2.3 are strongly advised to upgrade to 2.3.35; users of Struts 2.5 need to upgrade to 2.5.17.

      Summary

      Bamboo is not affected by CVE-2018-11776, but version 6.7.0 will have an updated Struts version.

            Assignee:
            Unassigned
            Reporter:
            hari
            Votes:
            1
            Watchers:
            8

              Created:
              Updated:
              Resolved: