The Apache Software Foundation has released a security advisory to address vulnerabilities in Struts in the version range 2.0.0 – 2.5.20. An attacker could exploit one of these vulnerabilities to take control of an affected system. The current version, Struts 2.5.22, is not affected. CISA encourages users and administrators to review Apache’s security advisory for CVE-2019-0230 and CVE-2019-0233 and upgrade to the appropriate version. Read the advisory at CISA.