Hideyuki Suzumi

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.2.3.1 **Description** The issue arises from improper input validation in the ExceptionDelegator component of Apache Struts. This component interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties. As a result, remote attackers can execute arbitrary Java code via a crafted parameter. **Recommendations** For versions prior to 2.2.3.1, update to version 2.2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ExceptionDelegator component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Struts 2 versions prior to 2.2.3.1 **Description** The issue is related to insufficient input validation in the Apache Struts platform, allowing remote attackers to execute arbitrary code via invalid input to a field. This is due to the evaluation of a string as an OGNL expression during the handling of a conversion error, which enables the modification of run-time data values. **Recommendations** For Apache Struts 2 versions prior to 2.2.3.1, update to version 2.2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting input validation to prevent the exploitation of this issue.