Apache · Apache Struts · CVE-2015-1831
**Name of the Vulnerable Software and Affected Versions**
Apache Struts version 2.3.20
**Description**
The default exclude patterns in Apache Struts allow remote attackers to compromise the internal state of an application via unspecified vectors.
**Recommendations**
For Apache Struts version 2.3.20, consider updating to version 2.3.20.1, which includes a better set of exclude patterns to mitigate the issue.