CVE-2012-0838

Name of the Vulnerable Software and Affected Versions Apache Struts 2 versions prior to 2.2.3.1

Description The issue is related to insufficient input validation in the Apache Struts platform, allowing remote attackers to execute arbitrary code via invalid input to a field. This is due to the evaluation of a string as an OGNL expression during the handling of a conversion error, which enables the modification of run-time data values.

Recommendations For Apache Struts 2 versions prior to 2.2.3.1, update to version 2.2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting input validation to prevent the exploitation of this issue.