Security vulnerability

Apache Struts code execution vulnerability (CVE-2023-50164) allows attackers to control file upload parameter execution path traversal, and in some cases can upload malicious files to execute arbitrary code.

Apache OFBiz is an open source product for enterprise process automation. It includes framework components and business applications for ERP, CRM, e-commerce, supply chain management and manufacturing resource planning. There is a remote code execution vulnerability in Apache OFBiz before version 18.12.10. Because xml-RPC is no longer maintained, an authenticated attacker can use xml-RPC to conduct remote code execution exploits and control the server.

Recently, Google announced the HTTP/2 protocol vulnerability CVE-2023-44487.
Attackers can use this vulnerability to launch low-cost and very large-scale attacks (http2-rapid-reset-ddos-attack). Attackers used this method to launch attacks on Google Cloud Platform customers starting in August. In one attack, the attacker issued up to 398 million requests in 1 second, which is also the highest number of requests per second on record. an attack.

Description: cURL is a widely used multi-functional open source command line tool that uses URL syntax to transmit data and supports a variety of network protocols including SSL, TLS, HTTP, FTP, and SMTP. libcurl is…