Share
## https://sploitus.com/exploit?id=SAINT:D1B88155F516D415CE4F67A190458DDB
Added: 04/26/2022  


### Background

Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller (MVC) architecture. 

Struts uses Object-Graph Navigation Language (OGNL) to provide extensive expression evaluation capabilities. 

### Problem

A vulnerability in Apache Struts could allow remote attackers to execute arbitrary commands if the application uses forced OGNL evaluation on user input. This vulnerability exists due to an incomplete fix for CVE-2020-17530. 

### Resolution

[Upgrade](<https://struts.apache.org/download.cgi>) to Apache Struts 2.5.30 or higher. 

### References

<https://cwiki.apache.org/confluence/display/WW/S2-062>