A vulnerability was reported in Apache Struts. A remote user can execute arbitrary commands on the target system.
Apache Struts 2.x
Apache Struts Conversion Error OGNL Expression Injection Vulnerability.
When a conversion error occurs, user-supplied input is evaluated as an OGNL expression. A remote user can send specially crafted data to execute arbitrary OGNL commands on the target system.
The vulnerability is caused due to an input sanitisation error, which can be exploited to to inject and execute OGNL expressions if a conversion error is encountered.The vulnerability is reported in versions 2.0.0 through 2.2.3.
The vendor has issued a fix.Update to version 18.104.22.168. Apache Downloads and Support