Affects LISTSERV Maestro only.  If you are not running Maestro, this does not affect your LISTSERV installation.  Note that this vulnerability refers only to the version of Apache Struts shipped with earlier versions of LISTSERV Maestro.

Description


An attacker can manipulate file upload parameters to enable path traversal, and under some circumstances this can lead to uploading a malicious file that can be used to perform Remote Code Execution. Users are recommended to upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.


https://nvd.nist.gov/vuln/detail/CVE-2023-50164


Mitigation


If you are affected by this CVE, upgrade to LISTSERV Maestro 11.0-14 or later, which contains a version of Apache Struts that no longer exhibits the vulnerability.
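To confirm which Struts build a given installation actually carries, the following added example (not L-Soft or Apache code) walks a directory and compares every `struts2-core-<version>.jar` it finds against the fixed versions quoted above. It assumes the Struts library is unpacked on disk under the directory you pass and uses the standard Struts jar naming; the function names are hypothetical.

```python
"""Report struts2-core jars under a directory against the advisory's fixed versions."""
import re
import sys
from pathlib import Path

# Fixed releases quoted in the advisory text (padded to four components).
FIXED_2X = (2, 5, 33, 0)
FIXED_6X = (6, 3, 0, 2)
JAR_RE = re.compile(r"^struts2-core-(.+)\.jar$")


def classify(version_text):
    """Return 'fixed', 'below-fix' or 'unknown' for a Struts version string."""
    if not re.fullmatch(r"\d+(\.\d+)*", version_text):
        return "unknown"  # snapshot or suffixed builds: check these by hand
    version = tuple(int(part) for part in version_text.split("."))
    version += (0,) * (4 - len(version))  # so 6.3.0 compares as 6.3.0.0
    if version >= FIXED_6X:
        return "fixed"
    if version[0] == 2 and version >= FIXED_2X:
        return "fixed"
    return "below-fix"


def scan(root):
    """Return (path, version, status) for each struts2-core jar under root."""
    results = []
    for jar in sorted(Path(root).rglob("struts2-core-*.jar")):
        match = JAR_RE.match(jar.name)
        if match:
            results.append((str(jar), match.group(1), classify(match.group(1))))
    return results


if __name__ == "__main__":
    # Assumption: the first argument is the installation directory to inspect.
    findings = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, status in findings:
        print(f"{status:10} {version:12} {path}")
    if not findings:
        print("no struts2-core jar found (it may be packed inside an archive)")
    # Non-zero exit when anything is below the fixed release or unreadable.
    sys.exit(1 if any(s != "fixed" for _, _, s in findings) else 0)
```

A jar packed inside a WAR or other archive is not seen by this scan, so an empty result does not by itself show the installation is unaffected.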