1月14日，国家漏洞库CNNVD发布关于Apache Struts安全漏洞的通报。Apache Struts框架曝出安全漏洞（CNNVD-202601-1787，CVE-2025-68493），其XWork组件在解析XML配置文件时未对输入进行充分安全校验，攻击者可通过提交恶意XML文档，诱使服务器在解析过程中加载文件触发漏洞，导致敏感信息泄露或拒绝服务。

Apache has warned customers of a critical remote code execution (RCE) vulnerability in its popular Struts 2 framework. Apache Struts 2 is an open-source web application framework for developing Java ...

Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is ...

While the Struts framework has been widely deployed, there’s no doubt that its original version held room for improvement. The newly released Struts 2.0 carries much of the power of its predecessor ...

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, Cybersecurity ...

Writing code to validate Web-form input can be even more of a chore than implementing form-processing logic. But help is at hand, thanks to the Struts 2 framework. Oleg Mikheev looks under the hood of ...