When the dynamic call is enabled for Struts2, attackers may remotely run code for attacking. For more information, see http://struts.apache.org/docs/s2-032.html.
Struts 2.3.20 - 2.3.28 (except 188.8.131.52 and 184.108.40.206)
How to fix
Use Alibaba Cloud Security WAF to intercept attack code of the vulnerability.
Currently, Struts 220.127.116.11, 18.104.22.168, and 22.214.171.124 are available on the official website to fix this vulnerability. Accordingly, you can upgrade your Struts to the relevant version. The download address is https://struts.apache.org/download.cgi#struts23281.