Apache Struts 2 Vulnerability

Apache Struts 2 Vulnerability

Hello. We use ELA MSP and on our Managed server, our weekly vulnerability scanner flagged it as having a critical vulnerability, and suggested the Apache Struts be updated to version 2.3.28 or higher. Is there a fix for this specific one (whether special patch or just an update that is needed)? The exact message is:

"Apache Struts 2 Tag Attribute Double OGNL Evaluation RCE

Description
The remote web application appears to use Apache Struts 2, a web framework that utilizes OGNL (Object-Graph Navigation Language) as an expression language. A remote code execution vulnerability exists due to double OGNL evaluation of attribute values assigned to certain tags. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code.

Note that this plugin only reports the first vulnerable instance of a Struts 2 application.
Solution
Upgrade to Apache Struts version 2.3.28 or later. Alternatively, apply the workaround referenced in the vendor advisory."

                New to ADSelfService Plus?