Researchers recently discovered freely available PoC code on GitHub that could be used to attack unpatched security holes in Apache Struts 2.
The proof-of-concept exploit code surfacing on GitHub raised the stakes on existing Apache Struts 2 bugs, which allow remote code execution and denial-of-service attacks on vulnerable installations.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert regarding these two bugs, tracked as CVE-2019-0230 and CVE-2019-0233.
Struts 2 is an open-source coding framework and library, popular with companies and enterprise developers for creating Java-based applications. Both of the exploitable vulnerabilities in question were fixed last November.
Source: Threatpost