struts2-core-2.3.20.1.jar this file has serious vulnerability, is there a fix available from Atlassian, this file is in may locations see below
/opt/atlassian-crowd-2.8.4/crowd-webapp/WEB-INF/lib/struts2-core-2.3.20.1.jar
/opt/atlassian-crowd-2.8.4/demo-webapp/WEB-INF/lib/struts2-core-2.3.20.1.jar
/opt/atlassian-crowd-2.8.4/crowd-openidserver-webapp/WEB-INF/lib/struts2-core-2.3.20.1.jar
/opt/atlassian-crowd-2.8.4/crowd-openidclient-webapp/WEB-INF/lib/struts2-core-2.3.20.1.jar
Hi Asif,
Yes, there is a fix available. You will actually need to upgrade your Crowd installation. Please take a look at this page: https://confluence.atlassian.com/crowd/crowd-security-advisory-2017-03-10-876857916.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.