Apache Software Foundation issues advisory for Struts users to update Commons FileUpload library. Common FileUpload is vulnerable to a deserialization problem with a Java Object. The vulnerability was discovered two years ago and it received the identifier CVE-2016-1000031. Apache Struts 2.3.36 was released as a “General Availability”” edition on October 15
Source: