The flaw results from the dangerously exposed /adminui/debug servlet, which evaluates user-supplied OGNL expressions as Java code without requiring authentication or input validation."

WTF? 😳

Under active attack and people are advised to patch by Nov 5 😂