Description:
Apache has released a security update to address a vulnerability in Apache Struts. A remote attacker could exploit the vulnerabilities by sending a specially crafted request to the affected systems.
Affected Systems:
- Apache Struts prior to version 2.5.28.3
Impact:
A successful exploitation could lead to remote code execution on an affected system.
Recommendation:
Administrators of the affected systems should upgrade the Apache Struts to current version 2.5.28.3 to address the issues. The update is available at:
https://struts.apache.org/download.cgi
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risks.
More Information:
- https://struts.apache.org/announce-2022#a20220102
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832