Author: Bugcrowd
Word count: 358
Language: English
Hacker News points: None

Summary

The Apache Struts framework has a critical remote code execution vulnerability caused by injecting unvalidated input into its expression language, OGNL, which is also used by other Java-based frameworks such as Spring Web Flow. The vulnerability was discovered in April 2022 and affects Struts versions 2.3 to 2.3.24 and 2.5 to 2.5.16. Because many web applications use Apache Struts, the bug could have widespread impact, much like the 2017 Equifax breach, which was caused by a similar Struts vulnerability. Anyone using Apache Struts is strongly advised to patch immediately to prevent exploitation.