CVE-2023-41835 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-41835 Interim 1 7 2025-06-06T23:20:44Z current 2023-12-06T00:09:39Z 2025-06-06T23:20:44Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-41835 When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Manager Server Module 4.2 SUSE Manager Server Module 4.3 struts struts as a component of SUSE Manager Server Module 4.2 struts as a component of SUSE Manager Server Module 4.3 When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue. CVE-2023-41835 SUSE Manager Server Module 4.2:struts SUSE Manager Server Module 4.3:struts moderate 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H