sticky : sticky
Skip Navigation

Struts2 Vulnerability Insights

In December 2023, news broke of CVE-2023-50164—a critical Remote Code Execution (RCE) vulnerability in the Apache Struts2 open source Java library.  As the stewards of Maven Central, our teams are working around the clock to ensure that the world has reliable and fast access to the latest Struts2 fixes.

Struts2 Download Dashboard

Struts2 Dashboard analytics
 

Struts2 Resources

New on the Naughty List: Unwrapping the Struts2 Vulnerability

While many developers are preparing for a much needed holiday break, another remote code execution vulnerability in Apache’s Struts2 Framework has been discovered, the same used to compromise Equifax.

* Required fields.

While many developers are preparing for a much needed holiday break, another remote code execution vulnerability in Apache’s Struts2 Framework has been discovered, the same used to compromise Equifax.

How Sonatype Customers Can Fix Struts 2 Vulnerability

This vulnerability poses a serious risk to applications with affected versions of Struts and is being actively exploited by attackers. Checkout our step-by-step guide to find and fix CVE-2023-50164 with Sonatype Firewall and a Repository Health Check (RHC) in Nexus Repository.