A flaw was found in the Apache Struts frameworks. When forced, some of the tag’s attributes perform a double evaluation if a developer applies forced OGNL evaluation by using the %{…} syntax. Using a forced OGNL evaluation on untrusted user input allows an attacker to perform remote code execution and security degradation. The highest threat from this vulnerability is to data confidentiality, integrity as well as system availability.