Apache Struts is a free, open-source, MVC framework to create elegant modern Java web applications.
When the dynamic method invocation (Dynamic Method Invocation) is enabled for Struts, attackers may use the REST plug-in to run remote code.
Struts 2.3.20 - 2.3.28
Use Alibaba Cloud Security Web Application Firewall to intercept the attacking code for this vulnerability.
struts.xml file, set
Upgrade Struts to version 2.5 or later versions from the official website.