CVE-2024-53677 is a critical vulnerability in Apache Struts 2 with a CVSS score of 9.5. This flaw in the file upload logic allows path traversal and uploading of malicious files, enabling remote code execution (RCE). Exploitation has been observed in the wild using public proof-of-concept exploits.
The vulnerability stems from a flaw in the file upload logic that allows path traversal and the upload of malicious files, such as web shells, leading to remote code execution (RCE). In the wild, attackers have used public proof-of-concept exploits to upload files that print identifying strings, confirming successful exploitation. This lets attackers enumerate vulnerable systems and carry out further malicious actions.
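An application-side check against the path traversal and web-shell upload described above, as an added example (not Apache Struts code and not the vendor's fix). The class name, upload directory, extension allow-list and sample file names are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

public class SafeUploadPath {
    // Assumed allow-list for this example; no server-executable types such as jsp.
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "pdf", "txt");

    /** Returns the destination inside uploadDir, or throws if the client-supplied name is unsafe. */
    static Path resolve(Path uploadDir, String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty() || clientName.indexOf('\0') >= 0) {
            throw new IOException("empty or malformed file name");
        }
        // Reject directory components outright (both separator styles) instead of
        // stripping them, so the attempt is visible in logs.
        if (clientName.contains("/") || clientName.contains("\\") || clientName.startsWith(".")) {
            throw new IOException("path components or leading dot in file name");
        }
        int dot = clientName.lastIndexOf('.');
        String ext = dot < 0 ? "" : clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IOException("extension not allowed: '" + ext + "'");
        }
        try {
            // Defence in depth: the normalized result must still sit under the upload directory.
            Path base = uploadDir.toAbsolutePath().normalize();
            Path dest = base.resolve(clientName).normalize();
            if (!dest.startsWith(base) || dest.equals(base)) {
                throw new IOException("resolved path escapes upload directory");
            }
            return dest;
        } catch (InvalidPathException e) {
            throw new IOException("file name is not a valid path", e);
        }
    }

    public static void main(String[] args) {
        Path uploadDir = Paths.get("uploads");   // constructed location
        String[] names = {                        // constructed sample inputs
            "report.pdf", "photo.PNG", "../../webapps/ROOT/page.jsp", "..\\..\\page.jsp", "page.jsp" };
        for (String n : names) {
            try {
                System.out.println("ACCEPT " + n + " -> " + resolve(uploadDir, n));
            } catch (IOException e) {
                System.out.println("REJECT " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```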