A critical vulnerability in the Apache Struts 2 software has been disclosed. The bug allows for remote code execution on vulnerable servers and is trivial to exploit.
Apache recommends that all users of Struts versions 2.3.5 through 2.3.31 and 2.5 through 2.5.10 upgrade immediately to Struts 2.3.32 or Struts 2.5.10.1
Apache has provided more information about this vulnerability on the published advisory, Apache Security Bulletin S2-045.