Apache Struts is a free and open-source framework designed for creating modern Java web applications. The framework is reportedly used by at least 65 percent of Fortune 100 companies, and they could all be exposed to attacks due to a recently discovered security hole.
Researchers at lgtm, a company that provides code analysis solutions, discovered that all versions of Apache Struts released since 2008 are affected by a severe vulnerability related to the REST communication plugin. The Apache Struts group has described the flaw, tracked as CVE-2017-9805, as a potential remote code execution issue when the REST plugin is used with the XStream handler for XML payloads.