Xfer0

**Name of the Vulnerable Software and Affected Versions** Apache Struts versions 2.1.x through 2.3.x **Description** The issue exists due to insufficient validation of user-input data that is part of a message, allowing a remote attacker to execute arbitrary code. This can be achieved by passing a malicious field value in a raw message to the ActionMessage. **Recommendations** For versions 2.1.x through 2.3.x, consider disabling the Struts 1 plugin until a patch is available to prevent remote code execution via malicious field values in raw messages to the ActionMessage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.