[Git][security-tracker-team/security-tracker][master] Add CVE-2023-50164/libstruts1.2-java

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Dec 7 20:26:19 GMT 2023



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c637e03f by Salvatore Bonaccorso at 2023-12-07T21:24:27+01:00
Add CVE-2023-50164/libstruts1.2-java

Similarly as per CVE-2023-41835 this actually might be just not-affected
for the 1.2 series versions. It is though unclear if upstream just only
considers 2. versions onwards for advisories since the 1.2 based versions
were long deprecated and not supported. The information so in this CVE
entry might be wrong but safe on the side of marking it potentially
wrong as affected.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,9 @@ CVE-2023-6574 (A vulnerability was found in Beijing Baichuo Smart S20 up to 2023
 CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a stored cr ...)
 	TODO: check
 CVE-2023-50164 (An attacker can manipulate file upload params to enable paths traversa ...)
-	TODO: check
+	- libstruts1.2-java <removed>
+	NOTE: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
+	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-066
 CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
 	TODO: check
 CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
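
Review bot: The uncertainty behind `- libstruts1.2-java <removed>` is recorded only in the commit message, not in data/CVE/list. The two NOTE lines point at the upstream thread and S2-066, but nothing in the entry tells a later triager that the 1.2 series may in fact be not-affected and was marked affected as the safe choice. Consider adding a third line after the S2-066 reference, for example `NOTE: unclear whether the 1.2 series is affected, marked as affected to be safe`, so the reasoning stays visible without reading git history. Since the commit message says CVE-2023-41835 was handled the same way, the note could also name that CVE to keep the two entries consistent.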



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c637e03fb00c682376b6746ce9ce84030befe39e
