Vulnerability in Apache Software Foundation Struts

CVE-2024-53677

File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable path traversal, and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Executi…

EPSS: 0.932 (99.8th percentile)

Frequently asked questions

What is CVE-2024-53677?
CVE-2024-53677 is a vulnerability in Apache Software Foundation Struts. It was published on 2024-12-11.

Is CVE-2024-53677 known to be exploited?
43 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.