When the dynamic call is enabled for Struts2, attackers may remotely run code for attacking. For more information, see http://struts.apache.org/docs/s2-032.html.
Struts 2.3.20 - 2.3.28 (except 126.96.36.199 and 188.8.131.52)
How to fix
Use Alibaba Cloud Security WAF to intercept attack code of the vulnerability.
Currently, Struts 184.108.40.206, 220.127.116.11, and 18.104.22.168 are available on the official website to fix this vulnerability. Accordingly, you can upgrade your Struts to the relevant version. The download address is https://struts.apache.org/download.cgi#struts23281.