{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-41835","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","state":"PUBLISHED","assignerShortName":"apache","dateReserved":"2023-09-04T07:53:19.551Z","datePublished":"2023-12-05T08:37:31.602Z","dateUpdated":"2025-11-04T19:21:09.564Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://repo.maven.apache.org/maven2","defaultStatus":"unaffected","packageName":"org.apache.struts","product":"Apache Struts","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"2.5.31","status":"affected","version":"2.0.0","versionType":"semver"},{"lessThanOrEqual":"6.3.0","status":"affected","version":"6.1.2.1","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">When a Multipart request is performed but some of the fields exceed the </span><code>maxStringLength</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp; limit, the uploaded files will remain in </span><code>struts.multipart.saveDir</code><span style=\"background-color: rgb(255, 255, 255);\">&nbsp; even if the request has been denied.</span><br>Users are recommended to upgrade to versions <span style=\"background-color: rgb(255, 255, 255);\">Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater</span>, which fix this issue."}],"value":"When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue."}],"metrics":[{"other":{"content":{"text":"moderate"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-459","description":"CWE-459 Incomplete Cleanup","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2023-12-12T08:42:20.578Z"},"references":[{"tags":["mailing-list","vendor-advisory"],"url":"https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft"},{"url":"https://www.openwall.com/lists/oss-security/2023/12/09/1"}],"source":{"discovery":"EXTERNAL"},"title":"Apache Struts: excessive disk usage","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CVE Program Container","references":[{"tags":["mailing-list","vendor-advisory","x_transferred"],"url":"https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft"},{"url":"https://www.openwall.com/lists/oss-security/2023/12/09/1","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20231013-0001/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T19:21:09.564Z"}},{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-05-28T15:55:29.926474Z","id":"CVE-2023-41835","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-28T15:56:00.942Z"}}]}}