diff --git a/gradle/build.gradle b/gradle/build.gradle
index e3271c7..d10e419 100644
--- a/gradle/build.gradle
+++ b/gradle/build.gradle
@@ -24,7 +24,7 @@ buildscript {
 dependencies {
     implementation 'com.google.guava:guava:32.0.1-jre'
     implementation "joda-time:joda-time:2.12.5"
-    implementation "org.apache.struts:struts2-core:2.3.8"
+    implementation "org.apache.struts:struts2-core:2.5.31"
     // testImplementation "org.apache.struts:struts2-core:2.3.8"
     testImplementation "junit:junit:4.13.2"
 }
diff --git a/scala/build.sbt b/scala/build.sbt
index 3a61e23..00fe130 100644
--- a/scala/build.sbt
+++ b/scala/build.sbt
@@ -5,7 +5,7 @@ lazy val root = (project in file(".")).
       val _ = (g8Test in Test).toTask("").value
     },
     // Introduces a CVE, leading to a potential build fail
-    libraryDependencies += "org.apache.struts" % "struts2-core" % "2.3.8",
+    libraryDependencies += "org.apache.struts" % "struts2-core" % "2.5.31",
     dependencyCheckFailBuildOnCVSS := 5,
     dependencyCheckOSSIndexAnalyzerEnabled := Some(false),
     // Add a suppression file, to test false positive suppression