Secure Code Warrior is aware of the recently disclosed critical vulnerability CVE-2023-50164, which has a severity rating of 9.8 and affects Apache Struts 2. CVE-2023-50164 is intricately tied to an organization's Apache Struts architecture and the way it uses the file upload feature: it enables unauthorized path traversal that could be abused to upload a malicious file and perform remote code execution (RCE). Exploiting this vulnerability at scale is significantly challenging for attackers, as it lacks the straightforward scanning and exploitation capabilities observed in CVE-2017-5638. Apache advises users to upgrade to Struts 2.5.33, 184.108.40.206, or higher.
More information can be found here: NVD - CVE-2023-50164 (nist.gov)
Secure Code Warrior has assessed our internal environment and can confirm we are not impacted by this vulnerability.