Researchers have discovered freely available proof-of-concept (PoC) code and an exploit that can be used to attack unpatched security holes in Apache Struts 2. Two bugs that allow remote code execution and denial-of-service attacks on vulnerable installations were fixed last November. The vulnerabilities are listed as CVE-2019-0230 and CVE-2019-0233. An Apache security bulletin recommends upgrading to the most recent version of the open-source coding framework and library for enterprise developers. The PoC attack and exploit posted to GitHub target the most severe of these vulnerabilities.
Source: https://threatpost.com/poc-exploit-github-apache-struts/158393/

