Upgrade Struts to 2.5.17


    • Severity 2 - Major

      A new RCE was reported in Struts2

      https://semmle.com/news/apache-struts-CVE-2018-11776

      Based on our investigation, Bamboo seems to be using a forked version of Struts 2.5.2, which is vulnerable to CVE-2018-11776. Users of Struts 2.3 are strongly advised to upgrade to 2.3.35; users of Struts 2.5 need to upgrade to 2.5.17.

      Summary

      Bamboo is not affected by CVE-2018-11776, but version 6.7.0 will have an updated Struts version.

              Assignee:
              Unassigned
              Reporter:
              hari
              Votes:
              1
              Watchers:
              8
