Apache Struts commons-fileupload Library DiskFileItem File Manipulation Arbitrary Code Execution Vulnerability

By GIXnews

A vulnerability in Apache Struts and the DiskFileItem class in the Apache Commons FileUpload library could allow an unauthenticated, remote attacker to execute arbitrary code or modify arbitrary files on a targeted system.

The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by submitting crafted data to an affected system. A successful exploit could cause the deserialization of untrusted data, which could allow the attacker to execute arbitrary code or manipulate files on the targeted system.

The Apache Software Foundation has confirmed the vulnerability and released updated software.
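As a defence-in-depth illustration of the deserialization issue described above, the following added example (not code from Apache, Cisco or the original alert) shows a Java 9+ ObjectInputFilter that refuses DiskFileItem and every other type outside an allow-list before the object is instantiated. The allow-list contents, the depth and array limits, and the UnexpectedItem stand-in class are assumptions made for the demonstration.

```java
import java.io.*;
import java.io.ObjectInputFilter.Status;
import java.util.*;

public class DeserializationFilterDemo {
    // Class named in the advisory; refused explicitly even if the allow-list is widened later.
    static final String DISK_FILE_ITEM = "org.apache.commons.fileupload.disk.DiskFileItem";
    // Assumption: this application only ever expects lists of strings on this stream.
    static final Set<String> ALLOWED_TYPES =
            Set.of("java.util.ArrayList", "java.lang.Object", "java.lang.String");

    // Constructed stand-in for any serializable type the application does not expect.
    static class UnexpectedItem implements Serializable {
        private static final long serialVersionUID = 1L;
        String path = "constructed-sample";
    }

    static final ObjectInputFilter FILTER = info -> {
        // Assumed limits: bound graph depth and array size as well as types.
        if (info.depth() > 5 || info.arrayLength() > 10_000) return Status.REJECTED;
        Class<?> c = info.serialClass();
        if (c == null) return Status.UNDECIDED;          // callback carries no class
        while (c.isArray()) c = c.getComponentType();     // judge arrays by element type
        String name = c.getName();
        if (name.equals(DISK_FILE_ITEM)) return Status.REJECTED;
        return ALLOWED_TYPES.contains(name) ? Status.ALLOWED : Status.REJECTED;
    };

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object readFiltered(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(FILTER);              // set before the first readObject()
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Expected type: passes the filter and is returned.
        System.out.println(readFiltered(serialize(new ArrayList<>(List.of("a.txt", "b.txt")))));
        try {
            readFiltered(serialize(new UnexpectedItem())); // unexpected type: refused
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A filter of this kind limits what an untrusted stream can instantiate; it complements, and does not replace, installing the updated software.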

Security Impact Rating: High

CVE: CVE-2016-1000031

Source: Cisco Multivendor Vulnerability Alerts