{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T19:30:25.096","vulnerabilities":[{"cve":{"id":"CVE-2023-41835","sourceIdentifier":"security@apache.org","published":"2023-12-05T09:15:07.093","lastModified":"2025-11-04T20:16:46.207","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue."},{"lang":"es","value":"Cuando se realiza una solicitud multiparte pero algunos de los campos exceden el límite maxStringLength, los archivos cargados permanecerán en struts.multipart.saveDir incluso si la solicitud ha sido denegada. Se recomienda a los usuarios actualizar a las versiones Struts 2.5.32 o 6.1.2.2 o Struts 6.3.0.1 o superior, que solucionan este problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-459"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-459"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.5.32","matchCriteriaId":"F9AB79F4-6FCB-42EC-B241-099B97CC99ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.2.1","versionEndExcluding":"6.3.0.1","matchCriteriaId":"97723A4F-E3A6-4AF3-ACC9-3C9618A75220"}]}]}],"references":[{"url":"https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft","source":"security@apache.org","tags":["Mailing List","Release Notes"]},{"url":"https://www.openwall.com/lists/oss-security/2023/12/09/1","source":"security@apache.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Release Notes"]},{"url":"https://security.netapp.com/advisory/ntap-20231013-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openwall.com/lists/oss-security/2023/12/09/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}