A critical remote code execution (RCE) vulnerability in Apache Struts, CVE-2021-31805, has been announced, and a patch was released at the same time. The US Cybersecurity and Infrastructure Security Agency (CISA) recommended that all administrators upgrade to the latest Struts 2 version. Apache Struts is a highly popular open-source application development framework that Java web developers use to build model–view–controller (MVC) apps. The vulnerability stems from an incomplete patch for CVE-2020-17530, a critical Object-Graph Navigation Language (OGNL) vulnerability in Struts.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense

Russia’s invasion of Ukraine increased