Sam Ng

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions prior to 2.3.29 Apache Struts 2.5.x versions prior to 2.5.1 **Description** The issue is related to improper action name clean up, which may allow attackers to have an unspecified impact. It is also described as a vulnerability in the implementation of the action name cleanup method, associated with insufficient input validation. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** For Apache Struts versions prior to 2.3.29, update to version 2.3.29 or later. For Apache Struts 2.5.x versions prior to 2.5.1, update to version 2.5.1 or later.