A critical vulnerability has been identified in Apache Struts 2, an open source framework used to develop web applications. The vulnerability allows users to execute malicious code by plugging in maliciously modified data into search boxes or other features hosted on the site. Specifically, the affected software is Struts 2.1.2 – Struts 2.3.33, and Struts 2.5 – Struts 2.5.12.
Fix: It is recommended that you upgrade to Struts 2.5.13 or Struts 2.3.34. Downloads can be found here.
Alternatives to upgrading: No workaround is possible, the best option is to remove the Struts REST plugin when not used or limit it to server normal pages and JSONs only as outlined here: https://struts.apache.org/docs/s2-052.html
If you use Red Hat (for Linux), you can find information here: https://access.redhat.com/security/cve/cve-2017-9805