Jack Hagan

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.5.22 **Description** The issue is related to a local code execution problem in Apache Struts2 when processing malformed XSLT files. This could allow a malicious user to upload and execute arbitrary files by sending a specially crafted XSLT file. The exploitation of this issue may enable a remote attacker to execute arbitrary code. **Recommendations** For versions prior to 2.5.22, update to version 2.5.22 or later to resolve the issue. As a temporary workaround, consider restricting the upload of XSLT files or disabling the processing of malformed XSLT files until a patch is applied.