Apache Struts is a free and open-source framework used to build Java web applications . We looked into past several Remote Code Execution ( RCE ) vulnerabilities reported Vulnerability-related.DiscoverVulnerability in Apache Struts , and observed Vulnerability-related.DiscoverVulnerability that in most of them , attackers have used Object Graph Navigation Language ( OGNL ) expressions . The use of OGNL makes it easy to execute arbitrary code remotely because Apache Struts uses it for most of its processes . Using OGNL , a researcher found Vulnerability-related.DiscoverVulnerability a new remote code execution vulnerability in Apache Struts 2 , designated as Vulnerability-related.DiscoverVulnerability CVE-2017-5638 . An exploit has been reported Vulnerability-related.DiscoverVulnerability to be already in the wild .