  1. Marathon
  2. MARATHON-7713

Alert Logic reports that the Struts2 version that's being used is vulnerable

    Details

    • Type: Task
    • Status: Open
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Build & CI
    • Labels:

      Description

      Marathon 1.4.6

      Alert Logic is reporting the following issue:
      CVE-2017-5638 - Apache - Struts2 Jakarta - Multipart Parser Code Execution Issue

      It is recommended that users upgrade to the latest version of Struts2. This vulnerability has been fixed in the following versions:

      Struts2 2.3.32
      Struts2 2.5.10.1

      Evidence:

      Port: 8443 Affected: /struts2-portlet/index.action

      Are there plans to update struts2?

      Thank you!

      This issue has been created automatically from Marathon GitHub Issue 5479.

            People

            • Assignee:
              Unassigned
              Reporter:
              marathon-bot Marathon Bot
              Team:
              Orchestration Team