An Apache Tomcat issue tracked as CVE-2019-0232 could allow malicious actors to execute arbitrary commands on their victims’ systems by taking advantage of an OS command injection caused by an input validation error in Tomcat’s CGI Servlet, stemming from “a bug in the way the JRE passes command line arguments to Windows.” The vulnerability was discovered by Nightwatch Cybersecurity Research, who reported it to ASF’s security team through the Intigriti/Deloitte bug bounty platform sponsored by the European Union’s FOSSA-2 project.
Source: https://www.bleepingcomputer.com/news/security/important-severity-remote-code-execution-vulnerability-patched-in-tomcat/

