## https://sploitus.com/exploit?id=SAINT:4BAC67F9D22EC68312733CE8CEE91B87
Added: 02/03/2021
### Background
Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture.
Struts uses Object-Graph Navigation Language (OGNL) to provide extensive expression evaluation capabilities.
### Problem
A vulnerability in Apache Struts could allow remote attackers to execute arbitrary commands if the application uses forced OGNL evaluation on user input.
### Resolution
[Upgrade](<https://struts.apache.org/download.cgi>) to Apache Struts 2.5.26 or higher.
### References
<https://cwiki.apache.org/confluence/display/WW/S2-061>