Security Alerts


New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

Apache has issued a security advisory for a critical remote code execution (RCE) vulnerability in the Struts 2 open-source web application framework. Tracked as CVE-2023-50164, the flaw stems from defective file upload logic that permits unauthorized path traversal and, in some circumstances, the upload of a malicious file that can then be used to execute arbitrary code. Affected versions are Struts 2.3.37 (end of life), Struts 2.5.0 through 2.5.32, and Struts 6.0.0 through 6.3.0. Fixes are available in versions 2.5.33 and 6.3.0.2 or later; no workarounds are offered. While there is no evidence of active exploitation, developers are strongly advised to upgrade given the severity of the vulnerability.
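As an added example (not code from the alert or from the Apache Struts project), the script below checks a project's declared Struts dependency version against the affected and fixed ranges stated above, which is the first thing a defender does after reading this kind of advisory. The version ranges and fixed releases are the ones given in the alert; the sample pom.xml, the `struts2-` artifactId heuristic, and the conservative `unknown` status for versions the alert does not cover (for instance releases between 6.3.0 and 6.3.0.2, or anything older than 2.3.37) are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Inclusive (low, high) ranges of affected releases, copied from the alert text.
AFFECTED_RANGES = [
    ((2, 3, 37), (2, 3, 37)),   # Struts 2.3.37 (end of life)
    ((2, 5, 0), (2, 5, 32)),    # Struts 2.5.0 through 2.5.32
    ((6, 0, 0), (6, 3, 0)),     # Struts 6.0.0 through 6.3.0
]
# First fixed release per supported line, also from the alert text.
FIXED_VERSIONS = [(2, 5, 33), (6, 3, 0, 2)]


def parse_version(text):
    """Turn '6.3.0.2' into (6, 3, 0, 2).

    A trailing qualifier such as '-SNAPSHOT' is dropped; anything that is not a
    dotted numeric version raises ValueError so the caller can report it.
    """
    core = text.strip().split("-")[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in core.split("."))


def _key(version, width=4):
    """Right-pad with zeros so 6.3.0 and 6.3.0.2 compare component-wise."""
    return tuple(version) + (0,) * (width - len(version))


def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string.

    'unknown' is deliberately conservative: it covers versions the alert does
    not list (e.g. 6.3.0.1 or 2.3.36) rather than guessing they are safe.
    """
    key = _key(parse_version(version_text))
    for low, high in AFFECTED_RANGES:
        if _key(low) <= key <= _key(high):
            return "vulnerable"
    for fixed in FIXED_VERSIONS:
        # Same major line and at or past the first fixed release.
        if key[0] == fixed[0] and key >= _key(fixed):
            return "patched"
    return "unknown"


def _local(tag):
    """Strip the Maven POM namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def scan_pom(pom_xml):
    """Return [(artifactId, resolved version, status)] for each dependency whose
    artifactId starts with 'struts2-' (a heuristic assumed for this example).

    Versions written as ${property} are resolved from <properties>; anything
    that cannot be resolved or parsed is reported as 'unresolved'.
    """
    root = ET.fromstring(pom_xml)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            for prop in el:
                props[_local(prop.tag)] = (prop.text or "").strip()

    results = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in dep}
        artifact = fields.get("artifactId", "")
        if not artifact.startswith("struts2-"):
            continue
        version = fields.get("version", "")
        placeholder = re.fullmatch(r"\$\{([^}]+)\}", version)
        if placeholder:
            version = props.get(placeholder.group(1), "")
        try:
            status = classify(version) if version else "unresolved"
        except ValueError:
            status = "unresolved"
        results.append((artifact, version, status))
    return results


# Constructed sample pom.xml for demonstration; not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <struts2.version>2.5.30</struts2.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts2.version}</version>
    </dependency>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-json-plugin</artifactId>
      <version>6.3.0.2</version>
    </dependency>
  </dependencies>
</project>
"""

if __name__ == "__main__":
    for artifact, version, status in scan_pom(SAMPLE_POM):
        print(f"{artifact:24} {version:10} {status}")
```

Running the script against a real pom.xml (read the file and pass its contents to `scan_pom`) lists every Struts 2 artifact with its resolved version and a status; anything reported as `vulnerable` or `unknown` should be moved to 2.5.33 or 6.3.0.2 (or later), since the alert offers no workaround. Version ranges that a build inherits from a parent POM or BOM are not resolved here and will show up as `unresolved`.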

Link

https://thehackernews.com/2023/12/new-critical-rce-vulnerability.html