CVE-2023-41835

Summary

Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability

Severity

high

EPSS

6.3% (p93)

Also known as

GHSA-729q-fcgp-r5xh

Published

2023-12-05

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-41835
• https://github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
• https://github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7

Related advisories

• CVE-2024-53677 — critical · Maven/org.apache.struts:struts2-core
• CVE-2023-50164 — critical · Maven/org.apache.struts:struts2-core
• CVE-2013-2251 — critical · Maven/org.apache.struts:struts2-core
• CVE-2012-0391 — critical · Maven/org.apache.struts:struts2-core
• CVE-2020-17530 — critical · Maven/org.apache.struts:struts2-core
• CVE-2025-68493 — high · Maven/org.apache.struts:struts2-core
• CVE-2025-66675 — high · Maven/org.apache.struts:struts2-core
• CVE-2025-64775 — high · Maven/org.apache.struts:struts2-core

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity