Upgrade Struts to avoid false-positive scanner warnings about CVE-2024-53677


    • Severity 3 - Minor

      Issue Summary

      The recent CVE-2024-53677 in Struts triggers warnings from vulnerability scanners.

      Bamboo is not affected

      Supported versions of Bamboo (9.2+, 9.6+, 10.2+) are not affected because FileUploadInterceptor doesn't handle uploaded files.

      Steps to Reproduce

      See the WEB-INF/lib folder.

      Expected Results

      To remove the scanner warnings, Struts should be upgraded to 6.4+.

      Actual Results

      Struts is 2.5.33-atlassian-1

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.
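
The check a version-only scanner effectively performs on the WEB-INF/lib folder, as an added example that is not part of the original ticket or of Bamboo: it compares the Struts jar version against the 6.4 threshold named above and ignores whether FileUploadInterceptor ever handles uploads, which is why the warning here is a false positive. The `struts2-core-<version>.jar` naming and the sample file names are assumptions built from the version string in this ticket.

```python
import re
import tempfile
from pathlib import Path

# Threshold taken from the ticket ("Struts should be upgraded to 6.4+").
FIXED_IN = (6, 4)

# Assumed naming: struts2-core-<numeric version>[-vendor-suffix].jar
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:-(.+))?\.jar$")


def parse_struts_jar(name):
    """Return (version_tuple, vendor_suffix) or None if not a struts2-core jar."""
    m = JAR_RE.match(name)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)


def _pad(version, width):
    """Right-pad with zeros so (6, 4) and (6, 4, 0) compare as equal."""
    return version + (0,) * (width - len(version))


def scanner_would_flag(name, fixed_in=FIXED_IN):
    """True when a version-only check reports the jar; reachability is ignored."""
    parsed = parse_struts_jar(name)
    if parsed is None:
        return False
    version, _vendor_suffix = parsed  # a vendor rebuild still carries the old number
    width = max(len(version), len(fixed_in))
    return _pad(version, width) < _pad(fixed_in, width)


def audit_lib_dir(lib_dir):
    """Map each struts2-core jar in lib_dir to whether it would be flagged."""
    return {p.name: scanner_would_flag(p.name)
            for p in sorted(Path(lib_dir).glob("struts2-core-*.jar"))}


def demo():
    # Constructed sample directory: empty files with assumed names, no real jars.
    with tempfile.TemporaryDirectory() as d:
        for n in ("struts2-core-2.5.33-atlassian-1.jar",
                  "struts2-core-6.4.0.jar", "commons-io-2.11.0.jar"):
            (Path(d) / n).touch()
        return audit_lib_dir(d)
```

Calling `audit_lib_dir()` on a real installation's WEB-INF/lib path shows which jar a scanner will key on; a flagged result says nothing about exploitability.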

              Assignee:
              Unassigned
              Reporter:
              Alexey Chystoprudov
              Votes:
              5
              Watchers:
              19

                Created:
                Updated:
                Resolved: