edit-icon download-icon

[Vulnerability notice] Remote command execution vulnerability in devMode in Struts 2

Last Updated: May 07, 2018


Apache Struts is a free and open-source MVC framework to create elegant modern Java web applications.

When devMode is enabled for Struts, attackers can construct malicious code to run any command remotely.

Affected versions

Struts 2.1.0 - 2.5.0


Thank you! We've received your feedback.