Version 18.104.22.168 of the open source Apache Struts web application framework was recently released.
"The update closes critical holes in Struts 2, fixing four old and well known security vulnerabilities that could be exploited by an attacker to circumvent restrictions by using dynamic method invocation (DMI) to inject and execute malicious Java code," The H Security reports.
"Versions 2.1.0 to 2.3.1 of Struts are affected; upgrading to 22.214.171.124 corrects the issues," the article states.
Go to "Apache Struts update closes critical holes" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.