{"cve":{"cve_id":"CVE-2023-41835","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.06286,"epss_percentile":0.92679,"epss_as_of":"2026-06-23","description":"When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied.\nUsers are recommended to upgrade to Struts 2.5.32, 6.1.2.2, or 6.3.0.1 or greater, which fix this issue.","published_at":"2023-12-05T08:37:31.602000Z","last_modified_at":null,"cvss_v3_score":7.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":true,"ssvc_technical_impact":"partial","cwes":["CWE-459"],"nvd_references":["https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft","https://www.openwall.com/lists/oss-security/2023/12/09/1"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:37:03.454736Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User 
Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-struts","product_name":"Apache Struts","version_start":"2.0.0","version_start_inclusive":true,"version_end":"2.5.31","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-struts:2.0.0:2.5.31"},{"vendor_slug":"apache-software-foundation","vendor_name":"Apache Software Foundation","product_slug":"apache-struts","product_name":"Apache Struts","version_start":"6.1.2.1","version_start_inclusive":true,"version_end":"6.3.0","version_end_inclusive":true,"cpe23_uri":"cve5:apache-software-foundation:apache-struts:6.1.2.1:6.3.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft","source_type":"MAILING_LIST","tags":["mailing-list"]},{"url":"https://www.openwall.com/lists/oss-security/2023/12/09/1","source_type":"MAILING_LIST","tags":["mailing-list"]}],"timeline":[{"type":"published","at":"2023-12-05T08:37:31.602000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:29:50.285708Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:29:50.285708Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:29:50.285708Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:37:03.454736Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:37:03.454736Z","label":"SSVC decision 
revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:37:03.454736Z","label":"SSVC decision revised","source":"vulnrichment"}]}