CVE-2023-34396: Allocation of Resources Without Limits or Throttling

June 14, 2023 (updated July 6, 2023)

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater

References

cwiki.apache.org/confluence/display/WW/S2-064
github.com/apache/struts/commit/2d6f1bc0a6f5ac575a56784ac6461816b67c4f21
github.com/apache/struts/commit/e58edfba83189fd17dcce94dc2be57a8b4e1571e
nvd.nist.gov/vuln/detail/CVE-2023-34396

Detect and mitigate CVE-2023-34396 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →